Solved

How can I prevent re-engineering the VBA code from an .MDE

Posted on 2006-11-16
20
725 Views
Last Modified: 2013-12-05
is it possible to re-engineer the VBA code from an .MDE file? I recently saw a link with this very subject (and steps to prevent this from happening), but I can't get back to it.

If this can be done, is there a way to prevent it?

Thanks.
0
Comment
Question by:Alaska Cowboy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
  • +3
20 Comments
 
LVL 8

Expert Comment

by:infolurk
ID: 17961738
From what I can gather you its either very difficult or impossible to decompile an MDE to edit VBA code.
It is possible and there are tools available to edit an MDE to view table information and create macros and new database objects. It is not possible (as far as I know) to edit existing forms, queries or VBA.

Cheers
Steve
0
 
LVL 61

Expert Comment

by:mbizup
ID: 17961878
Hi Bill,

It is possible to reverse engineer the vba in an MDE file if you're familiar with machine code.  There are also products available to do that for you.  There are also products available that claim to make it very difficult to get useful VBA code from an MDE by removing information about the variables, function names, etc.  Surprisingly, some vendors offer both :-)
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17962286
infolurk, I thought the same thing. but I do remember seeing a web site that cautioned against the possibility of someone re-engineering your code.

Miriam,

hi, how's it going? Is an MDE good enough, or do you protect your code with one of these tools? If so, do you have a link?

btw, I am still working feverishly on my Access project, I think it's tons better than when you saw it. Well, at least it works for me . . .
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Expert Comment

by:infolurk
ID: 17962355
Cheers Bill.
Good luck with your project.
0
 
LVL 61

Accepted Solution

by:
mbizup earned 70 total points
ID: 17962357
Bill,

It's going well, thanks :-).  From the nature of this question, it sounds like your database is really moving along.  Honestly, I have never tried these products myself so I can't vouch for them.  I just know they are out there and am familiar with how they work at a very general level.  A google search will bring up plenty.

>Is an MDE good enough...?
From my perspective, yes.  Most of the db's I develop are organization-specific, and never make it to the MDE stage.  We rely largely on trusted users and network security.  It depends on the nature of your product, its users and deployment and what you stand to lose.  In my case, the source code and database design are the among least of my worries.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17962395
Miriam,

well, it's going out to the masses and in anticipation of a killer app I am paranoid about the code. It's about as tight as one can reasonably expect. PDP and Jerryb30 helped me recently on this. One good link from PDB is  http://www.aadconsulting.com/acdbmechanic.html).

0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17962400
I found it !

http://www.everythingaccess.com/mdeprotector.htm

From the site: "Worried that someone will reverse engineer your VBA code?... Make it less worthwhile for them by removing redundant "compiler junk" from MDE (or ADE) files using this easy to use utility"
0
 
LVL 61

Expert Comment

by:mbizup
ID: 17962401
0
 
LVL 61

Expert Comment

by:mbizup
ID: 17962407
There you go :-) I think we hit the same one from different vendors.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17962424
Well, it still blows my mind . . .

an MDE file can be reverse engineered to great accuracy ! I thought I was good-to-go with an MDE file.

So, about the time my product hits the front page of Dr. Dobbs journal, someone will get my source code !

Using the tool above removes variable names but still the code is readable, you just can't decipher too easily what is happening with variable1, varaiable2, etc.



Have a look, http://www.everythingaccess.com/mdeprotector_example.htm
0
 
LVL 61

Assisted Solution

by:mbizup
mbizup earned 70 total points
ID: 17962499
A lot of security-related questions here seem to boil down to "How secure is my database?".  The resounding answer is "it's not".  In applying security measures, I believe the objective is to set up obstacles to make it difficult to compromise db security (that level of difficulty and effort varies depending on your needs).  But if someone with adequate brains and determination really wants to crack the code...
0
 
LVL 44

Assisted Solution

by:Leigh Purvis
Leigh Purvis earned 60 total points
ID: 17962584
I'm not entirely sure who'd bother to be honest.

Not trying to insult your code or anything ;-)  but unless you've written something brand new and inventive in VBA terms, then all your code relates directly to making your particular application work well.
Which would only be of use to someone ripping off a direct copy of your application and going against it head to head no?
And that would be a HUGE step for any company to take.  They'd be risking their entire business over saving themselves some development time.

Yes mde decompilers are becomming common - but I'd imagine the biggest users of them should be careless users who've lost the mdb, interested/nosey learners looking to see someone else's code, curious companies with existing competitor products checking to see they've not missed anything (with the last group being the least common - I may be giving human nature too much faith over business tactics, but that wouldn't be like me to do so!)
0
 
LVL 10

Assisted Solution

by:Luke Chung
Luke Chung earned 60 total points
ID: 17962689
Code obfuscation is a feature included in our Total Visual CodeTools product.  It lets you rename all your constants, variables, and private procedures to a letter and number.  It strips out all the comments, blank lines, blank spaces, etc.  It doesn't prevent someone from reverse engineering an MDE, but it does make the results less useful. FWIW, .NET suffers from similar problems.

Total Visual CodeTools also offers a variety of other coding utilities in order of my favorites:

1. Line numbering so your error handler can pinpoint exactly what line of code a crash occurs

2. New procedure builder with custom error handling and commenting structures built-in

3. Long text converter which converts strings like SQL code into a variable assignment in VBA code taking into account double quotes.

4. Code Cleanup to cleanup someone else's code (standardizes indentations, applies variable naming conventions, adds error handling to procedures that lack it, etc.)

5. Keystroke recorder

Plus lots of other useful builders and coding tools.

Visit here for more information including a demo: http://www.fmsinc.com/Products/codetools/index.html

Good luck,

Luke

0
 
LVL 38

Assisted Solution

by:puppydogbuddy
puppydogbuddy earned 60 total points
ID: 17962730
Hi  Everybody,
Bill, did you ever check out the encryption link I gave you on another post?

            http://www.cypherix.co.uk/cryptainerle/index.htm?adv=enc_ing

Supposedly (I have never used it), you can set it up so that your program installs to an encrypted container (e.g. directory) and the container works on the osmosis principle (licensees can get in the container in unencrypted fashion.......but anything coming out of the container (e.g. a copy of program) is encrypted.


PDB
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17963994
sorry, I fell asleep while the discussion was in full gear ! Thanks to all for the comments.

EE is like computer games (which I don't play). New doors keep being opened and inside is a whole new world . . .

Main point I learned in the last week is that it is possible to re-engineer MDE code; I thought the whole point was that the code is stripped out so how could one get the code? Live and learn. Anyway . . .

Miriam, I have built in lots of obstacles so I think it's about as protected as possible (except for maybe the MDE protector)

LPurvis, I agree with your points. Yes, the code is not ground-breaking :-( but I just have a mindset of protecting the code (and my investment) as much as possible, so was inquiring about the MDE re-engineering situation. At the moment, $130 for the MDE protector is not worth it . . . I guess I'm a somewhat of a neophyte, it's still odd that the point of an MDE is to strip out the code (for security I assume) yet it can be re-built. I figured stripping out the code meant it was a .exe of sorts (all binary) that was not readable at all. But pretty much with computers, if someone can break it, they will, corporate or otherwise. It's pretty much like EE, in the negative way.

Luke, I like the tool, it looks awesome ! But my risk management cut-off point (budget) doesn't require getting the tool, but it looks awesome. Also, the fact that .Net suffers from the same risk is interesting . . .

PDB, yes I did look at this when you posted - that was a long time ago! (so sorry for the semi-repeat). I even tried it out and can't remember for sure but it created some pretty big size barrier that I wasn't willing to wrestle with. But I like what it says "Impossible to break" - THAT'S what I'm looking for (but still not necessary at this point).

Thanks to all !


0
 
LVL 44

Expert Comment

by:Leigh Purvis
ID: 17964029
Fair enough - though try not to judge mde's too harshly.
They were secure for a long time.
Virtually everything gets cracked eventually.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17964086
LPurvis, yes, I sit outside the office of the directory of computer security at a large organization - there's a lot of money to be made in security !

so I think I'm fine where I am with an MDE and will go with that (until I make it to the big leagues . . . )
0
 
LVL 10

Expert Comment

by:Luke Chung
ID: 17964653
Hi William,

From a computer perspective, the challenge is that at a root level, the computer needs the instructions to run it's processes, so it's always possible to reverse engineer machine code.  That's not limited to Access, .NET, or Windows.

The primary purpose of MDE's is to make it difficult for users to modify the code in it. It doesn't prevent users from modifying other parts of it like tables, queries, macros, etc.  Programs such as Excel don't even have an MDE feature, so its code is always exposed.  We know people who use Total Visual CodeTools to obfuscate their Excel VBA code.

Sorry to hear your organization doesn't have the budget to buy additional tools. Hopefully, over time you'll find professional solutions from organizations like FMS to be helpful for increasing your productivity. If you're starting, I would recommend you look at our Total Visual SourceBook product with its royalty-free source code and Total Access Analyzer which will help you diagnose your work for opportunities to apply best practices, increase performance, and fix errors before you ship.  See www.fmsinc.com for more info.

Good luck and welcome to the Access community.

Luke
0
 
LVL 1

Author Comment

by:Alaska Cowboy
ID: 17964878
Luke,

thanks for the follow up, very helpful. As far as the budget, I'm working in the garage at night  . . . and corporate during the day :-)

About re-engineering the code, I guess my perspective was a mainframe, which I worked on a while ago, not extensively. What I remember is - if you lose the source code (on a mainframe) - you're toast. Get another job . . .

But I really like FMS tools and have bookmarked them. Thanks.
0
 
LVL 10

Expert Comment

by:Luke Chung
ID: 17964980
Understood.  FMS started in a similar way.  Good luck.  

Luke
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes two methods for creating a combo box that can be used to add new items to the row source -- one for simple lookup tables, and one for a more complex row source where the new item needs data for several fields.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question