VBA Password Bypass

[ccuny]

Hello,

I am new to Tek-Tips. I did do a serach and I hope I am not treading old ground too much.

I have some questions on VBA passwords. There are several tools to recover lost passwords for VBA modules (I am particularly interested in Excel/VBA). For older versions, the password can be recovered. For newer versions of office (post 97 I think), apart from brute force, there is a backdoor way of removing passwords from VBA modules. I have found at least 5 tools to do that.

My questions are:

1) Can someone explain the longhand way in which passwords are removed entirely?
2) How can one protect a VBA module against the above. Presumably, it requires something a bit special. I have read somewhere a suggestions that the code should be compiled in VB, not VBA. At least, this would require a decompiler before the secuirty is breached. Has anyone done this? How is it done in practice? Can you think of other ways to protect modules better?

Thank you very much for your answers.

Chris

 

[xlbo]

1) We do not discuss the removal of passwords in this forum.
2) In terms of what you can do to try and keep your code secure, the best way would be to compile it into an add-in.

Overall however, if someone really wants to get at your work in excel, they will pretty much be able to. Excel was never designed for great security. It isn't a database and therefore does not have database security. It is a spreadsheet and generally, spreadsheets are shared.....

Just to clarify - you can make it very hard for a standard user to get at your code but if a programmer really wants to get at it, there is not a lot you can do (in excel) to stop them

 

[combo]

Hi,
the answers are:
1. No,
2. Having VB or office developer version you can create COM add-in or compile dll file, otherwise there is no way to protect code inside excel file.

combo

 

[ccuny]

Thank you both. Combo, what is Office Developer? I think the rest of the answer points to what I read about, namely compiling in VB rather than keeping in VBA.

Any comments on COM add-in versus DLL (same thing in effect?) welcome.

 

[xlbo]

Not 100% but I think add-ins would be automatically loaded into the excel application - you would probably have to manually reference a DLL

 

[combo]

Not sure about office 2003 (can have VS Tools for Office), but in previous ms offices (2000, xp) a developer edition it is a package set (like standard, professional, premium, depending on applications contained) with developer tools, as access run-time, additional activex controls and extended vba capabilities (as creation of standalone dll projects and com add-ins, including compilation).
COM add-in is, a dll or exe component, that uses com IDTExtensibility interface, that extends given application functionality. Com add-in can be created with various tools, as VB, VBA (office developer edition), C++ and others.
Some information can be found on MSDN pages:

http://msdn.microsoft.com/office/

combo

 

[ccuny]

Thanks Combo.

Read some some on add-in security last night (went and bought the whole Excel VBA shop: a lot has changed since I last used VBA). It looks relatively easy to convert to an add-in, so I will just concentrate on the task and convert after.

Combo/xlbo, thank you both very much for taking the time to respond. Much appreciated.

Chris