Is the ATL incompatibility with DEP fixable?

Question

ATL uses thunks to manage callbacks for windows, and apparently it needs to allow for data execution.

Microsoft says:

Note that system DEP policy can override, and having DEP AlwaysOn will disable ATL thunk emulation, regardless of the attribute.

Am I correct in translating this quote to (more or less) "ATL applications can crash due to system policies"?

Is there a way to make a pre-ATL-8.0 application work correctly on any system, hopefully while still turning on DEP for everything other than the thunk?

Answer 1

DEP is enabled per process, so you cannot disable DEP for the buggy fragment only. The options are either to rebuild a binary with fixed ATL to make the binary DEP-compatible, or disable DEP for the whole process where the binary is used.

Earlier ATL versions indeed had this problem and it was fixed at some point.

DEP exceptions are under My Computer, Advanced tab, Performance Settings, Data Execution Prevention.

Answer 2

It is not a problem with ATL 8.0:

If possible, replace the older components with ones built to support the "No eXecute Compatibility", such as those using ATL 8.0 or newer. The ATL thunk strategy was devised as a lookup convenience and to avoid using thread-local storage for a window-handle-to-object map, but the thunk emulation required in DEP-aware OS's negates and even reverses any performance improvement. Newer versions of ATL don't require the thunk emulation because their thunks are created in executable data blocks.

EDIT: Sorry, didn't notice you asked about pre-8.0 ATL.