https://blog.csdn.net/nalnait/article/details/81038659
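Today I came across a nice little Excel tool and wanted to study its code, but it turned out to be password-protected, and I couldn't leave it at that. I found some code online, changed it a little, and it worked.
This method actually bypasses the VBA project password verification; that is, it tricks the VBA editor into treating the password as entered successfully and asks to be let through.
I won't say much about the principle; here is the method first: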
===================================================
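1. Create a new workbook, open it, and press ALT+F11 to enter the VBA code editor window:
2. Create a new module ("Insert" -- "Module"), copy the following code into the module and save.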
Option Explicit

' Win32 API declarations (written for 32-bit Office: pointers are held in Long).
Private Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Long, Source As Long, ByVal Length As Long)
Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Long, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As Long, ByVal pTemplateName As Long, ByVal hWndParent As Long, ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer

Dim HookBytes(0 To 5) As Byte    ' 6-byte patch written over the function entry
Dim OriginBytes(0 To 5) As Byte  ' saved original bytes, used to undo the patch
Dim pFunc As Long                ' address of DialogBoxParamA in user32.dll
Dim Flag As Boolean              ' True once the original bytes have been saved

' Returns its argument unchanged; lets the result of AddressOf be stored in a Long.
Private Function GetPtr(ByVal Value As Long) As Long
    GetPtr = Value
End Function

' Restores the original bytes of DialogBoxParamA if they have been saved.
Public Sub RecoverBytes()
    If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 6
End Sub

' Redirects DialogBoxParamA to MyDialogBoxParam; returns True when the patch is written.
Public Function Hook() As Boolean
    Dim TmpBytes(0 To 5) As Byte
    Dim p As Long
    Dim OriginProtect As Long
    Hook = False
    pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA")
    ' &H40 = PAGE_EXECUTE_READWRITE
    If VirtualProtect(ByVal pFunc, 6, &H40, OriginProtect) <> 0 Then
        MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, 6
        ' A first byte of &H68 means the patch is already in place.
        If TmpBytes(0) <> &H68 Then
            MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 6
            p = GetPtr(AddressOf MyDialogBoxParam)
            ' Patch bytes: push <address of MyDialogBoxParam> (&H68 + 4 bytes), ret (&HC3)
            HookBytes(0) = &H68
            MoveMemory ByVal VarPtr(HookBytes(1)), ByVal VarPtr(p), 4
            HookBytes(5) = &HC3
            MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 6
            Flag = True
            Hook = True
        End If
    End If
End Function

' Replacement for DialogBoxParamA while the patch is active.
Private Function MyDialogBoxParam(ByVal hInstance As Long, _
        ByVal pTemplateName As Long, ByVal hWndParent As Long, _
        ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer
    If pTemplateName = 4070 Then
        ' Dialog template 4070 is intercepted: return 1 without showing it.
        MyDialogBoxParam = 1
    Else
        ' Any other dialog: remove the patch, call the real function, patch again.
        RecoverBytes
        MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, hWndParent, lpDialogFunc, dwInitParam)
        Hook
    End If
End Function
3. Right-click the Sheet1 worksheet, choose "View Code", copy the following code in and save:
' Crack
Sub Crack()
    ' Message text: "Crack succeeded"
    If Hook Then MsgBox "破解成功"
End Sub

' Restore
Sub Recovery()
    RecoverBytes
    ' Message text: "Restore succeeded"
    MsgBox "恢復成功"
End Sub
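4. At this point the VBA cracking program is complete. Go back to the workbook window and use File - Open to open the workbook whose VBA project password you need to crack.
5. Run "call Crack", then double-click the VBA project you wanted to unlock. Isn't it like walking into an unguarded place? The project protection password exists in name only!
6. After cracking, right-click the VBA project you just cracked and clear the check box at "password required to view the project", then OK. Done.
7. When finished, don't forget to run "call Recovery" to restore password protection (this restores the program's password protection; files that have already been cracked are not affected).
(Do not use for illegal purposes)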
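
A static check a defender could run over extracted VBA module source to flag the in-process patching pattern used by the module in step 2. This is an added example, not code from the original post; the indicator list, the threshold and the names scan_vba, CHECKS and HOOK_SAMPLE are assumptions of this example.

```python
import re

# Matches a VBA Declare statement; group 1 = declared name, group 2 = Alias (real export).
DECLARE = re.compile(
    r'^\s*(?:Private\s+|Public\s+)?Declare\s+(?:PtrSafe\s+)?(?:Sub|Function)\s+(\w+)'
    r'\s+Lib\s+"[^"]+"(?:\s+Alias\s+"([^"]+)")?', re.I)

# Imports that, together, let a macro rewrite code inside the Office process.
PATCH_APIS = {"virtualprotect", "rtlmovememory", "getprocaddress"}

CHECKS = [  # (description, pattern), each taken from the macro on this page
    ("marks memory PAGE_EXECUTE_READWRITE (&H40)", r'VirtualProtect\b[^\n]*&H40\b'),
    ("resolves DialogBoxParamA at run time", r'GetProcAddress\b[^\n]*"DialogBoxParamA"'),
    ("takes a callback address with AddressOf", r'\bAddressOf\s+\w+'),
    ("writes push/ret opcode bytes (&H68, &HC3)", r'=\s*&H68\b(?s:.*)=\s*&HC3\b'),
]

def scan_vba(source):
    """Return (imports, findings, suspicious) for one module's source text."""
    # Join ' _' line continuations, then drop blank and comment-only lines.
    joined = re.sub(r'[ \t]_[ \t]*\r?\n', ' ', source)
    lines = [l for l in joined.splitlines() if l.strip() and not l.lstrip().startswith("'")]
    imports, code = set(), []
    for line in lines:
        m = DECLARE.match(line)
        if m:
            imports.add((m.group(2) or m.group(1)).lower())
        else:
            code.append(line)
    body = "\n".join(code)
    findings = [desc for desc, pat in CHECKS if re.search(pat, body, re.I)]
    # Assumed threshold: all three imports plus at least two behavioural checks.
    suspicious = PATCH_APIS <= imports and len(findings) >= 2
    return imports, findings, suspicious

# Constructed sample: abridged from the module listed in step 2.
HOOK_SAMPLE = '''
Private Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Long, Source As Long, ByVal Length As Long)
Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Long, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "DialogBoxParamA")
If VirtualProtect(ByVal pFunc, 6, &H40, OriginProtect) <> 0 Then
p = GetPtr(AddressOf MyDialogBoxParam)
HookBytes(0) = &H68
HookBytes(5) = &HC3
'''

if __name__ == "__main__":
    print(scan_vba(HOOK_SAMPLE))
```

The check resolves each Declare to its Alias, so a renamed import such as MoveMemory is still counted as RtlMoveMemory.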