编辑:这是已接受答案的更新版本，应该适用于更多的办公室版本。这很难，但让我们把这个答案说出来吧!

轮到我了，这是建立在kaybee99的优秀答案之上的，它建立在Đức Thanh nguykun的出色答案之上，允许这种方法与32/64位版本的Office一起工作。

概览一下更改的内容，我们避免了push/ret，它仅限于32位地址，并将其替换为mov/jmp reg。

它是如何工作的

Open the file(s) that contain your locked VBA Projects. Create a new file with the same type as the above and store this code in Module1 Option Explicit Private Const PAGE_EXECUTE_READWRITE = &H40 Private Declare PtrSafe Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" _ (Destination As LongPtr, Source As LongPtr, ByVal Length As LongPtr) Private Declare PtrSafe Function VirtualProtect Lib "kernel32" (lpAddress As LongPtr, _ ByVal dwSize As LongPtr, ByVal flNewProtect As LongPtr, lpflOldProtect As LongPtr) As LongPtr Private Declare PtrSafe Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As LongPtr Private Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, _ ByVal lpProcName As String) As LongPtr Private Declare PtrSafe Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer Dim HookBytes(0 To 11) As Byte Dim OriginBytes(0 To 11) As Byte Dim pFunc As LongPtr Dim Flag As Boolean Private Function GetPtr(ByVal Value As LongPtr) As LongPtr GetPtr = Value End Function Public Sub RecoverBytes() If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 12 End Sub Public Function Hook() As Boolean Dim TmpBytes(0 To 11) As Byte Dim p As LongPtr, osi As Byte Dim OriginProtect As LongPtr Hook = False #If Win64 Then osi = 1 #Else osi = 0 #End If pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA") If VirtualProtect(ByVal pFunc, 12, PAGE_EXECUTE_READWRITE, OriginProtect) <> 0 Then MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, osi+1 If TmpBytes(osi) <> &HB8 Then MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 12 p = GetPtr(AddressOf MyDialogBoxParam) If osi Then HookBytes(0) = &H48 HookBytes(osi) = &HB8 osi = osi + 1 MoveMemory ByVal VarPtr(HookBytes(osi)), ByVal VarPtr(p), 4 * osi HookBytes(osi + 4 * osi) = &HFF HookBytes(osi + 4 * osi + 1) = &HE0 MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 12 Flag = True Hook = True End If End If End Function Private Function MyDialogBoxParam(ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer If pTemplateName = 4070 Then MyDialogBoxParam = 1 Else RecoverBytes MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, _ hWndParent, lpDialogFunc, dwInitParam) Hook End If End Function Paste this code in Module2 and run it Sub unprotected() If Hook Then MsgBox "VBA Project is unprotected!", vbInformation, "*****" End If End Sub

保护是Excel中的一个简单的文本比较。 在你最喜欢的调试器中加载Excel (Ollydbg是我选择的工具)，找到进行比较的代码并将其修复为总是返回true，这应该可以让你访问宏。

删除VBA项目密码的一个简单方法是执行以下操作:

将xlsm文件转换为zip 打开VBAProject.bin文件(我更喜欢使用notepad++ (https://notepad-plus-plus.org/downloads/)) 搜索DPB字段 用DPx替换它 保存文件 将zip文件转换为XLSM 打开excel文件 如果出现消息框，请单击“是” 为VBA项目属性设置新密码 关闭并再次打开该文件 输入新密码取消保护

是的，只要你使用的是。xls格式的电子表格(2003年以前Excel的默认格式)。对于Excel 2007以后，默认是.xlsx，这是一个相当安全的格式，这个方法将不起作用。

正如Treb所说，这是一个简单的比较。一种方法是使用十六进制编辑器(参见Windows的十六进制编辑器)简单地交换文件中的密码条目。循序渐进的例子:

Create a new simple excel file. In the VBA part, set a simple password (say - 1234). Save the file and exit. Then check the file size - see Stewbob's gotcha Open the file you just created with a hex editor. Copy the lines starting with the following keys: CMG=.... DPB=... GC=... FIRST BACKUP the excel file you don't know the VBA password for, then open it with your hex editor, and paste the above copied lines from the dummy file. Save the excel file and exit. Now, open the excel file you need to see the VBA code in. The password for the VBA code will simply be 1234 (as in the example I'm showing here).

如果你需要使用Excel 2007或2010，下面有一些其他的答案可能会有帮助，特别是这些:1、2、3。

编辑2015年2月:另一种看起来很有前途的方法，看看Đức Thanh nguy的新答案。

接受的答案在Windows 10上的Excel 2019中无法正常工作。找到了查看锁定宏所需的额外步骤。我正在总结步骤。

Add a .zip to the end of the excel filename and hit enter Once the file has been changed to a ZIP file, open it by double clicking on it Inside you would see a folder called xl like below Inside xl, you'll find a file called vbaProject.bin, copy/paste it on the desktop Go to the online Hexadecimal Editor HexEd.it Search for the following texts DPB=... and change them to DPx=... Save the file and close HexEd.it Copy/Paste the updated file from your desktop inside the ZIP file (you would need to overwrite it) Remove the .zip extension from the end of the filename and add the excel extention again. Open the file in excel - you may receive a couple of error notifications, just click through them.

====在接受的答案=====之外的额外步骤

Open the Visual Basic window (usually ALT+F11 if I remember correctly) and open the VBAProject properties (Tools menu). Click on the Protection tab and change (do not remove at this stage) the password to something short and easy to remember (we'll be removing in next step). Save the workbook and then close and reopen. Open again the Visual Basic window and enter the password you just put in. Redo the previous step but this time you can remove (delete) the password. Save the workbook and you have now removed the password.

从以下站点采取额外步骤 https://confluence.jaytaala.com/display/TKB/Remove+Excel+VBA+password

如果该文件是一个有效的zip文件(前几个字节是504b——用于.xlsm等格式)，那么解压缩该文件并查找子文件xl/vbaProject.bin。这是一个CFB文件，就像.xls文件一样。按照XLS格式的说明(应用于子文件)，然后压缩内容。

对于XLS格式，您可以使用本文中的其他一些方法。我个人更喜欢搜索DPB=块并替换文本

CMG="..."
DPB="..."
GC="..."

有空格。这样就避免了CFB容器大小的问题。