Two ways to crack VBA encryption code
The first type:
Sub VBAPassword1() 'You want to protectExcelFile path
Filename = ("Excel file (*.xls & *.xla & *.xlt),*.xls;*.xla;*.xlt", , "VBA crack")
If Dir(Filename) = "" Then
MsgBox "No relevant files were found,Clear reset。"
Exit Sub
Else
FileCopy Filename, Filename & ".bak" 'Backup files。
End If
Dim GetData As String * 5
Open Filename For Binary As #1
Dim CMGs As Long
Dim DPBo As Long
For i = 1 To LOF(1)
Get #1, i, GetData
If GetData = "CMG=""" Then CMGs = i
If GetData = "[Host" Then DPBo = i - 2: Exit For
Next
If CMGs = 0 Then
MsgBox "Please set a protection password for VBA encoding first...", 32, "hint"
Exit Sub
End If
Dim St As String * 2
Dim s20 As String * 1
'Get a 0D0A hexadecimal string
Get #1, CMGs - 2, St
'Get one20Sixteen string
Get #1, DPBo + 16, s20
'Replace encrypted parts of the machine code
For i = CMGs To DPBo Step 2
Put #1, i, St
Next
'Add unpaired symbols
If (DPBo - CMGs) Mod 2 <> 0 Then
Put #1, DPBo + 1, s20
End If
MsgBox "File decryption successfully...", 32, "hint"
Close #1
End Sub
The second type:
Option Explicit
Private Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Long, Source As Long, ByVal Length As Long)
Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Long, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function DialogBoxParam Lib "user32" Alias "DialogBoxParamA" (ByVal hInstance As Long, ByVal pTemplateName As Long, ByVal hWndParent As Long, ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer
Dim HookBytes(0 To 5) As Byte
Dim OriginBytes(0 To 5) As Byte
Dim pFunc As Long
Dim Flag As Boolean
Private Function GetPtr(ByVal Value As Long) As Long
GetPtr = Value
End Function
Public Sub RecoverBytes()
If Flag Then MoveMemory ByVal pFunc, ByVal VarPtr(OriginBytes(0)), 6
End Sub
Public Function Hook() As Boolean
Dim TmpBytes(0 To 5) As Byte
Dim p As Long
Dim OriginProtect As Long
Hook = False
pFunc = GetProcAddress(GetModuleHandleA(""), "DialogBoxParamA")
If VirtualProtect(ByVal pFunc, 6, &H40, OriginProtect) <> 0 Then
MoveMemory ByVal VarPtr(TmpBytes(0)), ByVal pFunc, 6
If TmpBytes(0) <> &H68 Then
MoveMemory ByVal VarPtr(OriginBytes(0)), ByVal pFunc, 6
p = GetPtr(AddressOf MyDialogBoxParam)
HookBytes(0) = &H68
MoveMemory ByVal VarPtr(HookBytes(1)), ByVal VarPtr(p), 4
HookBytes(5) = &HC3
MoveMemory ByVal pFunc, ByVal VarPtr(HookBytes(0)), 6
Flag = True
Hook = True
End If
End If
End Function
Private Function MyDialogBoxParam(ByVal hInstance As Long, _
ByVal pTemplateName As Long, ByVal hWndParent As Long, _
ByVal lpDialogFunc As Long, ByVal dwInitParam As Long) As Integer
If pTemplateName = 4070 Then
MyDialogBoxParam = 1
Else
RecoverBytes
MyDialogBoxParam = DialogBoxParam(hInstance, pTemplateName, hWndParent, lpDialogFunc, dwInitParam)
Hook
End If
End Function
Sub Crack()
If Hook Then MsgBox "Cracking successfully"
End Sub
This article comes from Blog Park, author:Zhang Hanbo, please indicate the original link when reprinting:/vbashuo/p/
This is the end of this article about cracking VBA engineering encryption in two ways. For more related VBA engineering encryption content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!