penetration test – Bypass ASLR in buffer overflow

Iam new in buffer overflow and i have some questions :

0- Is all dll files in windows are loaded at memory or some of them only , If some of them , Who tell windows to load this and leave this

1- How an .exe program know a dll’s functions memory location , after it (program) became an exe file (0,1) // While ASLR is enabled and location changed every time windows reboot

2- Why we didn’t use it’s method to find a (call/jmp esp)’s location in buffer overflow when ASLR is enabled

3- I want a resources to study basics of how os work and reverse engineering that I need for a (pentester) not a malware analyst or reverse engineer