實例句柄0x10000000有什麼特別之處？What is so special about the instance handle 0x10000000?

當Load­Library函數返回特殊值時，客戶想知道它意味着什麼0x10000000。
嗯，這意味着LIB被加載進了0x10000000？
好的，這裏有一些更多的信息：「咱們正在嘗試調試一個加載DLL的應用程序，並試圖在他們調用時掛鉤他們的註冊表訪問Dll­Register­Server。看起來當從特殊句柄返回時Load­Library，註冊表寫入經過並繞過鉤子。另外一方面，當返回正常值時Load­Library，鉤子起做用。「 
值沒有什麼特別之處0x10000000。這是一個像任何其餘地址同樣的地址。
在這一點上，你的精神力量可能會開始刺痛。每一個進行Win32編程的人都應該認識到這一點0x10000000是連接器分配的默認DLL基址。若是您未指定自定義基址，則連接器將以您爲基礎0x10000000。
如今狀況開始變得有意義了。被監視的DLL多是使用默認的基址構建的。該值0x10000000是特殊的，不是由於它的數值，而是由於它匹配DLL的首選地址，這意味着沒有發生變基。這反過來代表，若是DLL在其首選地址加載，則註冊表掛鉤中存在錯誤。
有問題的代碼是從書中複製的，因此如今他們能夠調試從書中複製的代碼。
等等，咱們還沒完成。
您可能已經回答了客戶的問題，但您尚未解決他們的問題。

不支持掛鉤和修補這樣的DLL。可是，什麼是支持的是Reg­Override­Predef­Key功能。事實上，這Reg­Override­Predef­Key是專門爲解決這個問題而設計的：

該RegOverridePredefKey功能可用於軟件安裝程序。它容許它們從新映射預約義的密鑰，加載將安裝在系統上的DLL組件，調用DLL中的入口點，並檢查組件嘗試進行的註冊表更改。

文檔繼續，解釋了這樣的安裝程序如何使用該Reg­Override­Predef­Key函數來完成所需的任務。

A customer wanted to know what it means when the Load­Library function returns the special value 0x10000000.
Um, it means that the library was loaded at 0x10000000?
Okay, here’s some more information: 「We’re trying to debug an application which loads DLLs and attempts to hook their registry accesses when they call Dll­Register­Server. It looks like when the special handle is returned from Load­Library, the registry writes go through and bypass the hook. On the other hand, when a normal value is returned by Load­Library, the hook works.」
There is nothing special about the value 0x10000000. It’s an address like any other address.
At this point, your psychic powers might start tingling. Everybody who does Win32 programming should recognize that 0x10000000 is the default DLL base address assigned by the linker. If you don’t specify a custom base address, the linker will base you at 0x10000000.
Now things are starting to make sense. The DLL being monitored was probably built with the default base address. The value 0x10000000 is special not because of its numeric value, but because it matches the DLL’s preferred address, which means that no rebasing has occurred. And this in turn suggests that there’s a bug in the registry hooks if the DLL is loaded at its preferred address.
The code in question was copied from a book, so now they get to debug code copied from a book.
Wait, we’re not finished yet.
You may have answered the customer’s question, but you haven’t solved their problem.

Hooking and patching DLLs like this is not supported. But what is supported is the Reg­Override­Predef­Key function. In fact, the Reg­Override­Predef­Key was designed specifically to solve this very problem:

The Reg­Override­Predef­Key function is intended for software installation programs. It allows them to remap a predefined key, load a DLL component that will be installed on the system, call an entry point in the DLL, and examine the changes to the registry that the component attempted to make.

The documentation continues, explaining how such an installation program might use the Reg­Override­Predef­Key function to accomplish the desired task.