UK XL User Conference 2006 Converting XLA add-ins to COM Add-ins with VB6.0 Simon Murphy Developer – Codematic Ltd

UK XL User Conference 2006 Spreadsheet background Up to 200 Mb size Up to 1 Million formulas 1-10,000 unique formulas 5-10,000 lines of VBA £Billions in values Often linked to other technologies such as OLAP, ADO, COM or.net etc. Finance, Banking and Sales and Marketing areas Development cost up to $1M Active member of Eusprig – European Spreadsheet Risk group – dedicated to raising awareness of dangers and error rates in commercial spreadsheets

UK XL User Conference 2006 Agenda Solution design patterns What is COM? Reasons for using COM Reasons for avoiding COM Automation Add-ins Intro to toolbar XLA Intro to VB6 Add-in projects Discussion of IDTExtensibility2 Structure of an Excel Add-in Code and test Package and deployment.net

UK XL User Conference 2006 Security Is everybodys concern Spreadsheets can be used as a staging board for privilege escalation (with your login details!) Consider SD 3 +C –Secure by Design Default Deployment Communication Threat Modelling – Assets, Threats Threat Types – STRIDE –(Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) Threats – rate with DREAD –(Damage potential, Reproducibility, Exploitability, Affected Users, Discoverability) Spreadsheets (all flavours) are fairly insecure –Compiled UDFs (.net, COM, XLL) and Database servers can help Set macro security to high and use code signing certificates. See Microsoft MOC 2840A – Implementing security for more info.

UK XL User Conference 2006 Solution design patterns

UK XL User Conference 2006 What is COM? COM – Component Object Model, also known as ActiveX and automation. Allows interoperability between heterogeneous systems Revolves around registering (and then searching) interfaces in the Windows registry Excel looks in the registry at certain times and can load and use what it finds. VB is the language of COM, but COM components can be written in many languages, including.net Can be expensive performance-wise

UK XL User Conference 2006 Possible reasons for using COM add-ins 1.Improved security (from meddlers and malicious users) 2.Improved intellectual property protection 3.Better forms engine, and richer UI features 4.Better development tool support 5.Installed so may avoid macro security warnings (depends on settings) 6.Code is out of the VBAIDE (Project Explorer) 7.If functionality is used by multiple workbooks 8.If functionality is used by multiple office apps 9.If embedded workbook not required 10.If determined to use a none VB language (eg: C#/C++) 11.Possible application stability? 12.Possible execution speed improvements???

UK XL User Conference 2006 Possible reasons for avoiding COM add-ins 1.VB6 is out of mainstream support 2.Targets Office 2000 or newer not net may supercede COM 4.More complex development than XLAs 5.More complex testing than XLAs 6.More complex deployment than XLAs 7.Solution design uses an internal workbook 8.VB runtime library required on client 9.Access to development tools may be difficult 10.Security concerns of potential users

UK XL User Conference 2006 One performance test

UK XL User Conference 2006 Automation v COM Add-in Automation Add-ins are COM add-ins that can be called directly from a worksheet cell. COM Add-ins –Must Implement IDTExtensibility2 –Generally load on Excel start up (can be changed) Automation Add-ins –May Implement IDTExtensibility2 (discouraged) –Loaded on demand only

UK XL User Conference 2006 Agenda (again) Solution design patterns What is COM? Reasons for using COM Reasons for avoiding COM Automation Add-ins Intro to toolbar XLA Intro to VB6 Add-in projects Discussion of IDTExtensibility2 Structure of a COM Excel Add-in Code and test Package and deployment.net

UK XL User Conference 2006 Toolbar The issue: –Opening files from other people causes the reviewing toolbar to appear, there is no obvious way to turn this off. (possible registry setting?) Solution –Capture the workbook open event and close the toolbar, that seemed too early so capture the activate event and close it there. Requires no use of worksheet, may be useful in other office apps. Just for me so no deployment problems, active all the time so better out of the VBA IDE – Ideal candidate for a COM add-in.

UK XL User Conference 2006 Migration 1.Code sensibly in VBA, with a view to migration 2.Provide a user interface 3.create a class to wrap the application to trap events 4.Add a global variable to represent the application as an instance of this class 5.Create folder for VB project 6.Export Excel VBA code files to VB project folder 7.In VB6 create a new add-in project in that folder 8.Set designer to Excel 9.Import code files 10.Set application to be correct type 11.Manage application object lifecycle 12.manage user interface actions and lifecycle 13.Add start up code 14.Debug and deploy.

UK XL User Conference 2006 IDTExtensibility2 Private Sub IDTExtensibility2_OnConnection( Private Sub IDTExtensibility2_OnDisconnection( Private Sub IDTExtensibility2_OnStartupComplete( Private Sub IDTExtensibility2_OnAddInsUpdate( Private Sub IDTExtensibility2_OnBeginShutdown( (Populated by a wizard, just need tidying up)

UK XL User Conference 2006 Basic COM Add-in Structure

UK XL User Conference 2006 COM Shims What are they? –COM dll that loads Mscoree.dll which then loads our managed component –Excel>>COMSHIM>>Mscoree>>MyAddin.dll Why use them? –Security (code signing) –AppDomain Isolation Protect other apps from failures in our component Protect our component from other failures

UK XL User Conference 2006 Questions? –Spreadsheet consulting, reviewing, maintaining, rescuing, migrating, add-in development etc. –Staff coaching, mentoring and training Websites – –