Programs that use APIs have an import table that records the name and module of each API they need.
At run time the loader (the operating system) loads the required modules (such as Kernel32, User32 and GDI32) and fills the table's entries with the current addresses of those APIs in memory.
In packed or encrypted programs, the unpacker routine that runs at program start performs this operation itself: it first loads the module with the LoadLibrary() API and then finds the address of each desired API by calling GetProcAddress().
If you cannot remove this unpacking routine, you have to use other hooking techniques, such as DLL injection.
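The following is an added example, not code from the original text: a small Python parser that walks a PE image's import directory (DOS header, PE signature, optional header data directory, section table, import descriptors and their name/ordinal thunks) and prints which module and API name each entry points to, i.e. exactly the table the loader fills at run time. It runs over a constructed minimal PE32 image built in memory, so it needs no real binary; the `looks_packed` heuristic and its `max_imports` threshold are my assumption, not a rule the text states, and they flag the shape the text describes: a tiny import table that still carries LoadLibrary and GetProcAddress because the stub resolves everything else itself. The parser goes beyond the text's case in that it also handles PE32+ (64-bit thunks) and imports by ordinal.

```python
import struct

# Layout constants from the PE format (not from the original page).
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
SECTION_HEADER_SIZE = 40
IMPORT_DESCRIPTOR_SIZE = 20


def build_sample_image():
    """Construct a minimal PE32 image in memory (a constructed sample, not a real file).

    One section at RVA 0x200 holds an import directory naming kernel32.dll with two
    entries, LoadLibraryA and GetProcAddress: the shape an unpacker stub leaves
    behind when it resolves the program's real imports at run time.
    """
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                     # e_lfanew -> PE header
    img[0x40:0x44] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 1 section, 0xE0-byte optional header, EXE flags
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, 0x200, 40)
    sec = opt + 0xE0                                            # first section header
    img[sec:sec + 8] = b".idata\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x200, 0x200, 0x200)  # vsize, va, rawsize, raw
    # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, stamp, forwarder, Name, FirstThunk
    struct.pack_into("<IIIII", img, 0x200, 0x240, 0, 0, 0x260, 0x250)  # 0x214 stays zero: terminator
    struct.pack_into("<III", img, 0x240, 0x270, 0x280, 0)       # import name table (INT)
    struct.pack_into("<III", img, 0x250, 0x270, 0x280, 0)       # IAT: the loader overwrites these
    img[0x260:0x26D] = b"kernel32.dll\0"
    img[0x272:0x27F] = b"LoadLibraryA\0"                         # preceded by a 2-byte hint at 0x270
    img[0x282:0x291] = b"GetProcAddress\0"                       # hint at 0x280
    return bytes(img)


def _cstring(img, off):
    return img[off:img.index(b"\0", off)].decode("ascii")


def parse_imports(img):
    """Walk the import directory and return {dll_name: [function_name or '#ordinal', ...]}."""
    if img[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    nsec = struct.unpack_from("<H", img, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", img, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    is64 = struct.unpack_from("<H", img, opt)[0] == 0x20B
    dirs = opt + (112 if is64 else 96)                          # data directories start
    imp_rva, _ = struct.unpack_from("<II", img, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)

    # Section table: needed to translate RVAs into file offsets.
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + i * SECTION_HEADER_SIZE + 8
        vsize, va, rawsize, raw = struct.unpack_from("<IIII", img, hdr)
        sections.append((va, max(vsize, rawsize), raw))

    def rva_to_off(rva):
        for va, size, raw in sections:
            if va <= rva < va + size:
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} is outside every section")

    thunk_fmt, thunk_size = ("<Q", 8) if is64 else ("<I", 4)
    ordinal_flag = 1 << (63 if is64 else 31)
    imports = {}
    if imp_rva == 0:
        return imports                                          # no import directory at all
    desc = rva_to_off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", img, desc)
        if name_rva == 0:                                       # all-zero descriptor ends the list
            break
        dll = _cstring(img, rva_to_off(name_rva)).lower()
        thunk = rva_to_off(oft or ft)                           # INT if present, else the IAT itself
        names = []
        while True:
            entry = struct.unpack_from(thunk_fmt, img, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                names.append(f"#{entry & 0xFFFF}")              # import by ordinal, no name
            else:
                names.append(_cstring(img, rva_to_off(entry & 0x7FFFFFFF) + 2))  # skip 2-byte hint
            thunk += thunk_size
        imports[dll] = names
        desc += IMPORT_DESCRIPTOR_SIZE
    return imports


def looks_packed(imports, max_imports=8):
    """Heuristic (an assumption, not a rule from the text): a tiny import table that
    still carries LoadLibrary and GetProcAddress suggests a stub resolving the real
    imports itself at run time. Tune max_imports to your own corpus."""
    names = {n for funcs in imports.values() for n in funcs}
    total = sum(len(funcs) for funcs in imports.values())
    has_loader = any(n.startswith("LoadLibrary") for n in names)
    return total <= max_imports and has_loader and "GetProcAddress" in names


if __name__ == "__main__":
    table = parse_imports(build_sample_image())
    for dll, funcs in table.items():
        print(dll, funcs)
    print("packed-looking import table:", looks_packed(table))
```

Point `parse_imports` at the bytes of a real file instead of the constructed sample to list what the loader will have to resolve before the entry point runs; on a packed binary that list is typically the short one shown here, which is why the run-time LoadLibrary/GetProcAddress calls made by the stub are the place to watch rather than the on-disk table.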