您的位置: 首页  >  IT文章  >  VBA 程序加密破解

VBA 程序加密破解

分类: IT文章 2022-04-23 20:59:59

https://blog.csdn.net/nalnait/article/details/81038659

今天遇到一个excel小工具感觉不错,想研究研究代码,竟然有密码,我就不淡定了。网上找了找代码,改了一下就OK了。

这种方法实际是避开VBA工程密码验证,即,骗vba编辑器,该密码输入成功,请求放行。 

原理不多说了,先将方法公布: 
=================================================== 
1.新建一个工作簿,打开,按ALT+F11,进入vba代码编辑器窗口: 

2.新建一个模块,“插入”--“模块”把以下代码复制进模块并保存。

Option Explicit
Private Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Long, Source As Long, ByVal Length As Long)
Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Long, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
         
Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
    
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
    
Private Declare Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As Long, ByVal pTemplateName As Long, ByVal hWndParent As Long, ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer
         
Dim HookBytes(0 To 5) As Byte
Dim OriginBytes(0 To 5) As Byte
Dim pFunc As Long
Dim Flag As Boolean
Private Function GetPtr(ByVal Value As Long) As Long
    GetPtr = Value
End Function
Public Sub RecoverBytes()
    If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 6
End Sub
Public Function Hook() As Boolean
    Dim TmpBytes(0 To 5) As Byte
    Dim p As Long
    Dim OriginProtect As Long
    
    Hook = False
    pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA")
    If VirtualProtect(ByVal pFunc, 6, &H40, OriginProtect) <> 0 Then
        MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, 6
        If TmpBytes(0) <> &H68 Then
            MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 6
            p = GetPtr(AddressOf MyDialogBoxParam)
            HookBytes(0) = &H68
            MoveMemory ByVal VarPtr(HookBytes(1)), ByVal VarPtr(p), 4
            HookBytes(5) = &HC3
            MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 6
            Flag = True
            Hook = True
        End If
    End If
End Function
Private Function MyDialogBoxParam(ByVal hInstance As Long, _
        ByVal pTemplateName As Long, ByVal hWndParent As Long, _
        ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer
    If pTemplateName = 4070 Then
        MyDialogBoxParam = 1
    Else
        RecoverBytes
        MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, hWndParent, lpDialogFunc, dwInitParam)
        Hook
    End If
End Function

3.右击sheet1工作表,“查看代码”复制以下代码进去并保存:

'破解
Sub Crack()
  If Hook Then MsgBox "破解成功"
End Sub


'恢复
Sub Recovery()
  RecoverBytes
  MsgBox "恢复成功"
End Sub

4.到此,一个vba破解程序完成了,回到该工作簿窗口,文件-打开 打开需要破解vba工程密码的工作簿. 
5.运行"call 破解" 稍后你再双击刚才要解密的VBA工程窗体.是不是如入无人之境啊,工程保护密码形同虚设!
6.破解完成后,请右键刚破解的VBA工程,在"查看工程时需要密码"的地方复选框取消选择,OK.完成. 
7.完成后别忘了执行"call 恢复",恢复密码保护(恢复程序的密码保护,已被破解的文件不受影响. 
(请勿用于非法途径)

相关推荐