我被要求更新一些Excel 2003宏,但是VBA项目有密码保护,而且似乎缺乏文档…没人知道密码。
是否有一种方法可以删除或破解VBA项目的密码?
当前回答
我的工具VbaDiff直接从文件中读取VBA,因此您可以使用它从大多数办公文档中恢复受保护的VBA代码,而无需求助于十六进制编辑器。
其他回答
保护是Excel中的一个简单的文本比较。 在你最喜欢的调试器中加载Excel (Ollydbg是我选择的工具),找到进行比较的代码并将其修复为总是返回true,这应该可以让你访问宏。
还有另一种更简单的解决方案,不存在尺寸问题。今天我使用了这种方法(在一个2003年的XLS文件上,使用Excel 2007),并且取得了成功。
备份xls文件 在HEX编辑器中打开文件,并找到DPB=…部分 更改DPB=…string to DPx=… 在Excel中打开xls文件 打开VBA编辑器(ALT + F11) 魔术: Excel发现一个无效的键(DPx),并询问您是否要继续加载项目(基本上忽略保护) 您将能够覆盖密码,因此将其更改为您可以记住的密码 保存xls文件* 关闭并重新打开文档并使用您的VBA魔法!
*注意:请确保您已将密码更改为新值,否则下次打开电子表格Excel将报告错误(意外错误),然后当您访问VBA模块列表时,您现在将看到源模块的名称,但在尝试打开表单/代码/等时收到另一个错误。要解决这个问题,请返回VBA项目属性并将密码设置为新值。保存并重新打开Excel文档,您应该可以开始了!
我的工具VbaDiff直接从文件中读取VBA,因此您可以使用它从大多数办公文档中恢复受保护的VBA代码,而无需求助于十六进制编辑器。
编辑:这是已接受答案的更新版本,应该适用于更多的办公室版本。这很难,但让我们把这个答案说出来吧!
轮到我了,这是建立在kaybee99的优秀答案之上的,它建立在Đức Thanh nguykun的出色答案之上,允许这种方法与32/64位版本的Office一起工作。
概览一下更改的内容,我们避免了push/ret,它仅限于32位地址,并将其替换为mov/jmp reg。
它是如何工作的
Open the file(s) that contain your locked VBA Projects. Create a new file with the same type as the above and store this code in Module1 Option Explicit Private Const PAGE_EXECUTE_READWRITE = &H40 Private Declare PtrSafe Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" _ (Destination As LongPtr, Source As LongPtr, ByVal Length As LongPtr) Private Declare PtrSafe Function VirtualProtect Lib "kernel32" (lpAddress As LongPtr, _ ByVal dwSize As LongPtr, ByVal flNewProtect As LongPtr, lpflOldProtect As LongPtr) As LongPtr Private Declare PtrSafe Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As LongPtr Private Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, _ ByVal lpProcName As String) As LongPtr Private Declare PtrSafe Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer Dim HookBytes(0 To 11) As Byte Dim OriginBytes(0 To 11) As Byte Dim pFunc As LongPtr Dim Flag As Boolean Private Function GetPtr(ByVal Value As LongPtr) As LongPtr GetPtr = Value End Function Public Sub RecoverBytes() If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 12 End Sub Public Function Hook() As Boolean Dim TmpBytes(0 To 11) As Byte Dim p As LongPtr, osi As Byte Dim OriginProtect As LongPtr Hook = False #If Win64 Then osi = 1 #Else osi = 0 #End If pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA") If VirtualProtect(ByVal pFunc, 12, PAGE_EXECUTE_READWRITE, OriginProtect) <> 0 Then MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, osi+1 If TmpBytes(osi) <> &HB8 Then MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 12 p = GetPtr(AddressOf MyDialogBoxParam) If osi Then HookBytes(0) = &H48 HookBytes(osi) = &HB8 osi = osi + 1 MoveMemory ByVal VarPtr(HookBytes(osi)), ByVal VarPtr(p), 4 * osi HookBytes(osi + 4 * osi) = &HFF HookBytes(osi + 4 * osi + 1) = &HE0 MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 12 Flag = True Hook = True End If End If End Function Private Function MyDialogBoxParam(ByVal hInstance As LongPtr, _ ByVal pTemplateName As LongPtr, ByVal hWndParent As LongPtr, _ ByVal lpDialogFunc As LongPtr, ByVal dwInitParam As LongPtr) As Integer If pTemplateName = 4070 Then MyDialogBoxParam = 1 Else RecoverBytes MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, _ hWndParent, lpDialogFunc, dwInitParam) Hook End If End Function Paste this code in Module2 and run it Sub unprotected() If Hook Then MsgBox "VBA Project is unprotected!", vbInformation, "*****" End If End Sub
Colin Pickard is mostly correct, but don't confuse the "password to open" protection for the entire file with the VBA password protection, which is completely different from the former and is the same for Office 2003 and 2007 (for Office 2007, rename the file to .zip and look for the vbaProject.bin inside the zip). And that technically the correct way to edit the file is to use a OLE compound document viewer like CFX to open up the correct stream. Of course, if you are just replacing bytes, the plain old binary editor may work.
顺便说一句,如果你想知道这些字段的确切格式,他们现在有文档:
http://msdn.microsoft.com/en-us/library/dd926151%28v=office.12%29.aspx
推荐文章
- ASP。NET身份的默认密码散列器-它是如何工作的,它是安全的?
- Excel VBA -退出循环
- 在SQL Server Management Studio中保存带有标题的结果
- Visual Basic 6.0与VBA的区别
- 连接网络共享时,如何提供用户名和密码
- Excel:匹配字符串中的最后一个字符/字符串
- 以编程方式将EditText的输入类型从PASSWORD更改为NORMAL,反之亦然
- 如何在隐藏和查看密码之间切换
- 在php中生成一个随机密码
- .text, .value和.value2之间的区别是什么?
- 从c#读取Excel文件
- SHA512 vs. Blowfish和Bcrypt
- 密码屏蔽控制台应用程序
- 检查单元格是否包含子字符串
- 在Excel中从公式返回空单元格
