Cannot register DLL or OCX control in Windows: Load Library Error: Invalid Access to Memory Location

 

While using a product, you may experience an error stating that one of the DLLs or OCX controls is either missing or is not registered properly.  When you try to manually register the DLL or OCX control, 

example:  

 

regsvr32  C:\WINDOWS\system32\ccrpsbrb.ocx

 

you may find that the following error message is displayed:

 

LoadLibrary("ccrpsbrb.ocx") failed - Invalid access to memory location.

After some searching, it turns out that this issue may the result of a Windows security system called DEP (Data Execution Prevention) which is designed to help protect against damage from viruses and other security threats.  This system limits what type of OCX controls can be registered and what programs can run without interference.  In particular, it will block 16-bit OCX controls from being registered and from running.

 

DEP was first introduced in Service Pack 1 for Windows 2003 Server and was automatically configured to the highest security setting.  It was later rolled out to Windows XP through Service Pack 2, although it was set to the lower setting so most users never saw any side effects.

 

Since then, DEP has been present in every OS release including Windows Vista, Windows 2008 Server and Windows 7.  The typical rule of thumb is that it will be set to the highest security setting on a server OS and set to a lower security setting on a workstation or home OS.  However, RJS has seen the higher security settings get pushed out by domain controllers on client sites many times over the years.

 

There are a few options to resolve this issue and allow you register the DLL or OCX object.

 

The first option would be to lower the DEP protection from all programs to only system critical programs.

 

To do this, right-click on My Computer and select Properties to open the System Properties.

 

On the Advanced Tab, locate the section Performance and click the Settings button.

 

Select the tab labeled Data Execution Prevention (also known as DEP).

 

On this page, make sure that the first option labeled "Turn on DEP for essential Windows programs and services only" is enabled.

 

Save the changes and reboot if prompted.

 

The second option would be to select programs that should be allowed to run unhindered by DEP.

 

''Please note that you are making an exception for each program that is using the DLL or OCX in question.  You are not making an exception for the DLL or OCX object itself.''

 

To do this, right-click on My Computer and select Properties to open the System Properties.

 

On the Advanced Tab, locate the section Performance and click the Settings button.

 

Select the tab labeled Data Execution Prevention (also known as DEP).

 

On this page, make sure that the second option labeled "Turn on DEP for all programs and services except those I select" is enabled.

 

In the list below this option, you will need to add the applications that were having problems to the list.

 

For example, the following applications would be added to get the RJS Text Layer Designer to work:

This will give these applications full permission to run and to use the OCX controls that were having problems.  

 

Once the programs have been added to the list, save your changes.

 

Please note that these changes must be PERMANENT.  If these applications are removed from the list, the Text Layer Designer (or any other app that you are trying to get working) will error out, even if the OCX control is properly registered.

 

You will still need to register the DLL or OCX object using REGSVR32 on the RUN command line.

 

For example: "regsvr32  C:\WINDOWS\system32\ccrpsbrb.ocx."

 

HINT: Double quotes will be necessary if the path to the DLL or OCX has a space in it.

 

HINT: If you drag any file to the RUN command line, the entire path to that file will automatically be added to the end of the current value.

 

Data execution prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits. Windows Server 2003 Service Pack 1 enforces DEP using both hardware and software.

 

Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. DEP helps prevent these attacks by intercepting them and raising an exception. Both Advanced Micro Devices? (AMD) and Intel Corporation have defined and shipped Windows-compatible architectures that are compatible with DEP. Service Pack 1 utilizes the no-execute page-protection (NX) processor feature as defined by AMD or the Execute Disable bit (XD) feature as defined by Intel. (Note: 32-bit processors must be running in Physical Address Extension mode to make use of this function.)

 

An additional set of DEP security checks have been added to Windows Server 2003 with Service Pack 1. These checks, known as software-enforced DEP, are designed to mitigate exploits of exception handling mechanisms in Windows. Software-enforced DEP runs on any processor that can run Windows Server 2003 with Service Pack 1. By default, software-enforced DEP protects only limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor.

 

Software-enforced DEP performs additional checks on exception handling mechanisms in Windows. If the program?s image files are built with Safe Structured Exception Handling (SafeSEH), software-enforced DEP ensures that before an exception is dispatched, the exception handler is registered in the function table located within the image file. If the program?s image files are not built with SafeSEH, software-enforced DEP ensures that before an exception is dispatched, the exception handler is located within a memory region marked as executable.

 

The primary benefit of DEP is that it helps prevent code execution from data pages such as the default heap, various stacks, and memory pools. In normal operations of the system, code is not typically executed from the default heap and stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. If the exception is unhandled, the process will be terminated. Execution of code from protected memory in kernel mode results in an error.

 

Although terminating a process or causing the system to fail with an error do not appear to be ideal experiences, this helps prevent malicious code from executing. Preventing malicious code from executing on the system may prevent damage to a customer?s system or propagation of malicious code whose harmful effects could easily exceed those of a terminated process or system error.

 

DEP can help mitigate a class of security exploits. Specifically, DEP can prevent the exploit in which a virus or other attack has injected a process with additional code and then attempts to execute the injected code. On a system with DEP, execution of the injected code would result in an exception. Software-enforced DEP can help mitigate exploits of exception--handling mechanisms within Windows.

 

A secondary benefit of DEP relates to good engineering and best practices for application and driver developers. DEP forces developers to avoid executing code out of data pages without explicitly marking the pages as executable.