Excel VBA代码的密码保护方式如何？ [英] How password protection of Excel VBA code works?

问题描述

此问题与我以前的一个。

您可以解释或提供一个链接，说明Excel VBA代码密码保护在2007年之前实际上是如何工作的？ Excel 2007和以前版本在密码保护方面有什么区别？

Excel的密码保护实际上是否对代码进行加密？ Excel的密码删除软件如何工作？

解决方案

VBA安全被广泛认为是相当差的。 VBA代码未编译，源代码在excel文件中可用。密码保护是很容易规避的。

据了解，Office 2003及更早版本将vba代码作为工作表（或文档/介绍）。当您启动VBA IDE时，只需查看VBA代码是否已被保护。这并不意味着它被加密 - 仅供查看。理论是这样做会阻止你的用户干扰你的代码，但一个硬核编码器可以绕过密码。

所以Excel不需要要解密任何代码 - 它只需要阻止人们查看它。

Office 2007 加密宏（请不要问我如何或什么算法）。这是必要的，因为XLSM文件（或任何Office 2007文件）只是具有不同扩展名的zip文件。任何人都可以进入这些文件并戳出来。

为了回答最后一个问题 - 密码删除是如何工作在旧的Office格式，我不完全确定。不同的供应商可能会以不同的方式解决问题，但我怀疑最常见的做法是对密码进行强力攻击，直到找到匹配项。

Excel VBProject对象具有Protection属性，它将根据宏的保护状态返回不同的枚举（例如，如果宏被保护，则返回 vbext_pp_locked ）。如果要以 vbext_pp_locked 评估为false之前，以编程方式继续尝试密码，那么您将找到您的密码。

This question is related to my previous one.

Can you explain or provide a link to an explanation of how Excel VBA code password protection actually works in versions prior to 2007? What is the difference in Excel 2007 and previous versions in terms of password protection?

Also does Excel's password protection actually encrypt the code? How does Excel execute the code if it is encrypted?

Lastly, how does password removal software for excel work?

解决方案

VBA security is widely considered to be pretty poor. The VBA code isn't compiled, and the source is available in the excel file. The password protection is pretty easy to circumvent.

As I understand it, Office 2003 and earlier saves the vba code as part of the binary format of the worksheet (or document / presentation). When you fire up the VBA IDE, it simply looks to see whether the VBA code has been "protected" or not. This doesn't mean it's encrypted - just unavailable for viewing. The theory is that this stops your users from meddling with your code, but a hard-core coder would be able to get around the password.

So Excel doesn't need to unencrypt any code - it just needs to stop people from viewing it.

Office 2007 does encrypt macros (don't ask me how or what algorithm). This is necessary presumably because XLSM files (or any Office 2007 file) are just zip files with a different extension. Anyone can get into those files and poke around.

To answer your last question - how does the password removal work on older Office formats, I'm not entirely sure. Different vendors will possibly approach the problem different ways, but I suspect the most common approach will be a brute-force attack on the passwords until a match is found.

The Excel VBProject object has a Protection property which will return different enumerations depending on the protection status of the macro (vbext_pp_locked if the macro is protected, for example). If you were to keep trying passwords programmatically until the vbext_pp_locked evaluated to false, you would have found your password.

这篇关于Excel VBA代码的密码保护方式如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！