万一你的街区 没有发生= \ r \ nDPB“XXXX”=“XXXXX”\ r \ nGC =“XXXXXX” 如果您的“已知密码”文件比“未知密码”文件中的现有块短，请用后面的零填充十六进制字符串以达到正确的长度。

e.g.

CMG=“xxxxxx”\r\nDPB=“xxxxx”\r\nGC=“xxxxx”

在未知密码文件中，应设置为

CMG="XXXX00"\r\nDPB="XXXXX000"\r\nGC="XXXXXX0000"保留文件长度。

我在office 2007中也使用过。xla(97/2003格式)文件。

您的excel文件扩展名更改为xml。 然后用记事本打开。 密码文本在XML文件中找到。

你看下面这条线;

Sheets("Sheet1").Unprotect Password:="blabla"

(抱歉我的英语不好)

编辑:这是已接受答案的更新版本，应该适用于更多的办公室版本。这很难，但让我们把这个答案说出来吧!

轮到我了，这是建立在kaybee99的优秀答案之上的，它建立在Đức Thanh nguykun的出色答案之上，允许这种方法与32/64位版本的Office一起工作。

概览一下更改的内容，我们避免了push/ret，它仅限于32位地址，并将其替换为mov/jmp reg。

它是如何工作的

Open the file(s) that contain your locked VBA Projects. Create a new file with the same type as the above and store this code in Module1 Option Explicit Private Const PAGE_EXECUTE_READWRITE = &H40 Private Declare PtrSafe Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" _ (Destination As LongPtr, Source As LongPtr, ByVal Length As LongPtr) Private Declare PtrSafe Function VirtualProtect Lib "kernel32" (lpAddress As LongPtr, _ ByVal dwSize As LongPtr, ByVal flNewProtect As LongPtr, lpflOldProtect As LongPtr) As LongPtr Private Declare PtrSafe Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As LongPtr Private Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, _ ByVal lpProcName As String) As LongPtr Private Declare PtrSafe Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer Dim HookBytes(0 To 11) As Byte Dim OriginBytes(0 To 11) As Byte Dim pFunc As LongPtr Dim Flag As Boolean Private Function GetPtr(ByVal Value As LongPtr) As LongPtr GetPtr = Value End Function Public Sub RecoverBytes() If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 12 End Sub Public Function Hook() As Boolean Dim TmpBytes(0 To 11) As Byte Dim p As LongPtr, osi As Byte Dim OriginProtect As LongPtr Hook = False #If Win64 Then osi = 1 #Else osi = 0 #End If pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA") If VirtualProtect(ByVal pFunc, 12, PAGE_EXECUTE_READWRITE, OriginProtect) <> 0 Then MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, osi+1 If TmpBytes(osi) <> &HB8 Then MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 12 p = GetPtr(AddressOf MyDialogBoxParam) If osi Then HookBytes(0) = &H48 HookBytes(osi) = &HB8 osi = osi + 1 MoveMemory ByVal VarPtr(HookBytes(osi)), ByVal VarPtr(p), 4 * osi HookBytes(osi + 4 * osi) = &HFF HookBytes(osi + 4 * osi + 1) = &HE0 MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 12 Flag = True Hook = True End If End If End Function Private Function MyDialogBoxParam(ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer If pTemplateName = 4070 Then MyDialogBoxParam = 1 Else RecoverBytes MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, _ hWndParent, lpDialogFunc, dwInitParam) Hook End If End Function Paste this code in Module2 and run it Sub unprotected() If Hook Then MsgBox "VBA Project is unprotected!", vbInformation, "*****" End If End Sub

对于.xlsm或.dotm文件类型，您需要以稍微不同的方式进行操作。

Change the extension of the .xlsm file to .zip. Open the .zip file (with WinZip or WinRar etc) and go to the xl folder. Extract the vbaProject.bin file and open it in a Hex Editor (I use HxD, its completely free and lightweight.) Search for DPB and replace with DPx and save the file. Replace the old vbaProject.bin file with this new on in the zipped file. Change the file extension back to .xlsm. Open workbook skip through the warning messages. Open up Visual Basic inside Excel. Go to Tools > VBAProject Properties > Protection Tab. Put in a new password and save the .xlsm file. Close and re open and your new password will work.

ElcomSoft提供高级办公密码破断器和高级办公密码恢复产品，只要文档是在Office 2007或更早版本中创建的，就可以适用于这种情况。

是的，只要你使用的是。xls格式的电子表格(2003年以前Excel的默认格式)。对于Excel 2007以后，默认是.xlsx，这是一个相当安全的格式，这个方法将不起作用。

正如Treb所说，这是一个简单的比较。一种方法是使用十六进制编辑器(参见Windows的十六进制编辑器)简单地交换文件中的密码条目。循序渐进的例子:

Create a new simple excel file. In the VBA part, set a simple password (say - 1234). Save the file and exit. Then check the file size - see Stewbob's gotcha Open the file you just created with a hex editor. Copy the lines starting with the following keys: CMG=.... DPB=... GC=... FIRST BACKUP the excel file you don't know the VBA password for, then open it with your hex editor, and paste the above copied lines from the dummy file. Save the excel file and exit. Now, open the excel file you need to see the VBA code in. The password for the VBA code will simply be 1234 (as in the example I'm showing here).

如果你需要使用Excel 2007或2010，下面有一些其他的答案可能会有帮助，特别是这些:1、2、3。

编辑2015年2月:另一种看起来很有前途的方法，看看Đức Thanh nguy的新答案。