国产∨亚洲V天堂无码久久久,久久99中文字幕久久,一本久久a久久精品vr综合

破解SQL2005(SQL2008)的存儲(chǔ)過程的存儲(chǔ)過程

轉(zhuǎn)載自:http://www.cnblogs.com/amaoxp/archive/2009/06/08/1499038.html

問題一： DAC連接問題

自己嘗試了n次，最后總結(jié)一下連接步驟：

1 先用有sysadmin角色的用戶登陸SQL Server Management Studio；

2 在工具欄上選數(shù)據(jù)庫(kù)引擎查詢；服務(wù)器名稱改為 ADMIN:服務(wù)器名稱；選項(xiàng)>連接屬性>連接到數(shù)據(jù)庫(kù) 改為加密存儲(chǔ)過程所在的數(shù)據(jù)庫(kù)；連接

3 運(yùn)行解密的存儲(chǔ)過程；

問題二：可用的存儲(chǔ)過程解密代碼

SQLServer2005里怎樣對(duì)使用with encryption選項(xiàng)創(chuàng)建的存儲(chǔ)過程解密

--王成輝翻譯整理，轉(zhuǎn)貼請(qǐng)注明出自微軟BI開拓者www.windbi.com
--原帖地址

SQLServer2005里使用with encryption選項(xiàng)創(chuàng)建的存儲(chǔ)過程仍然和sqlserver2000里一樣，都是使用XOR進(jìn)行了的加密。和2000不一樣的是，在2005的系統(tǒng)表syscomments里已經(jīng)查不到加密過的密文了。要查密文必須使用DAC（專用管理員連接）連接到數(shù)據(jù)庫(kù)后，在系統(tǒng)表sys.sysobjvalues查詢，該表的列imageval存儲(chǔ)了相應(yīng)的密文。具體可以使用下面的查詢：

SELECT imageval FROM sys.sysobjvalues WHERE objid = object_id(@procedure) AND
valclass = 1 AND subobjid = 1

下面是解密的存儲(chǔ)過程，具體代碼如下(這是版本4.0，最新的，修正很長(zhǎng)的存儲(chǔ)過程解密出來(lái)是空白的問題)：

Create PROCEDURE [dbo].[sp__windbi$decrypt]

(@procedure sysname = NULL, @revfl int = 1)

王成輝翻譯整理，轉(zhuǎn)貼請(qǐng)注明出自微軟BI開拓者www.windbi.com

調(diào)用形式為：

exec dbo.sp__windbi$decrypt @procedure,0

如果第二個(gè)參數(shù)使用1的話，會(huì)給出該存儲(chǔ)過程的一些提示。

--版本4.0 修正存儲(chǔ)過程過長(zhǎng)解密出來(lái)是空白的問題

SET NOCOUNT ON

IF @revfl = 1

BEGIN

PRINT '警告：該存儲(chǔ)過程會(huì)刪除并重建原始的存儲(chǔ)過程。'

PRINT ' 在運(yùn)行該存儲(chǔ)過程之前確保你的數(shù)據(jù)庫(kù)有一個(gè)備份。'

PRINT ' 該存儲(chǔ)過程通常應(yīng)該運(yùn)行在產(chǎn)品環(huán)境的一個(gè)備份的非產(chǎn)品環(huán)境下。'

PRINT ' 為了運(yùn)行這個(gè)存儲(chǔ)過程，將參數(shù)@refl的值更改為0。'

RETURN 0

END

DECLARE @intProcSpace bigint, @t bigint, @maxColID smallint,@procNameLength int

select @maxColID = max(subobjid) FROM

sys.sysobjvalues WHERE objid = object_id(@procedure)

--select @maxColID as 'Rows in sys.sysobjvalues'

select @procNameLength = datalength(@procedure) + 29

DECLARE @real_01 nvarchar(max)

DECLARE @fake_01 nvarchar(max)

DECLARE @fake_encrypt_01 nvarchar(max)

DECLARE @real_decrypt_01 nvarchar(max),@real_decrypt_01a nvarchar(max)

declare @objtype varchar(2),@ParentName nvarchar(max)

select @real_decrypt_01a = ''

--提取對(duì)象的類型如是存儲(chǔ)過程還是函數(shù)，如果是觸發(fā)器，還要得到其父對(duì)象的名稱

select @objtype=type,@parentname=object_name(parent_object_id)

from sys.objects where [object_id]=object_id(@procedure)

-- 從sys.sysobjvalues里提出加密的imageval記錄

SET @real_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid =

object_id(@procedure) and valclass = 1 order by subobjid)

--創(chuàng)建一個(gè)臨時(shí)表

create table #output ( [ident] [int] IDENTITY (1, 1) NOT NULL ,

[real_decrypt] NVARCHAR(MAX) )

--開始一個(gè)事務(wù)，稍后回滾

BEGIN TRAN

--更改原始的存儲(chǔ)過程，用短橫線替換

if @objtype='P'

SET @fake_01='ALTER PROCEDURE '+ @procedure +' WITH ENCRYPTION AS select 1

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='FN'

SET @fake_01='ALTER FUNCTION '+ @procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/ END'

else if @objtype='V'

SET @fake_01='ALTER view '+ @procedure +' WITH ENCRYPTION AS select 1 as col

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='TR'

SET @fake_01='ALTER trigger '+ @procedure +' ON '+@parentname+'WITH ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10)

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

EXECUTE (@fake_01)

--從sys.sysobjvalues里提出加密的假的

SET @fake_encrypt_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid =

object_id(@procedure) and valclass = 1 order by subobjid )

if @objtype='P'

SET @fake_01='Create PROCEDURE '+ @procedure +' WITH ENCRYPTION AS select 1

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='FN'

SET @fake_01='CREATE FUNCTION '+ @procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/ END'

else if @objtype='V'

SET @fake_01='Create view '+ @procedure +' WITH ENCRYPTION AS select 1 as col

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='TR'

SET @fake_01='Create trigger '+ @procedure +' ON '+@parentname+'WITH ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10)

/*'+REPLICATE(cast('*'as nvarchar(max)), datalength(@real_01) /2 - @procNameLength)+'*/'

--開始計(jì)數(shù)

SET @intProcSpace=1

--使用字符填充臨時(shí)變量

SET @real_decrypt_01 = replicate(cast('A'as nvarchar(max)), (datalength(@real_01) /2 ))

--循環(huán)設(shè)置每一個(gè)變量，創(chuàng)建真正的變量

--每次一個(gè)字節(jié)

SET @intProcSpace=1

--如有必要，遍歷每個(gè)@real_xx變量并解密

WHILE @intProcSpace<=(datalength(@real_01)/2)

BEGIN

--真的和假的和加密的假的進(jìn)行異或處理

SET @real_decrypt_01 = stuff(@real_decrypt_01, @intProcSpace, 1,

NCHAR(UNICODE(substring(@real_01, @intProcSpace, 1)) ^

(UNICODE(substring(@fake_01, @intProcSpace, 1)) ^

UNICODE(substring(@fake_encrypt_01, @intProcSpace, 1)))))

SET @intProcSpace=@intProcSpace+1

END

--通過sp_helptext邏輯向表#output里插入變量

insert #output (real_decrypt) select @real_decrypt_01

--select real_decrypt AS '#output chek' from #output --測(cè)試

-- -------------------------------------

--開始從sp_helptext提取

-- -------------------------------------

declare @dbname sysname

,@BlankSpaceAdded int

,@BasePos int

,@CurrentPos int

,@TextLength int

,@LineId int

,@AddOnLen int

,@LFCR int --回車換行的長(zhǎng)度

,@DefinedLength int

,@SyscomText nvarchar(max)

,@Line nvarchar(255)

Select @DefinedLength = 255

SELECT @BlankSpaceAdded = 0 --跟蹤行結(jié)束的空格。注意Len函數(shù)忽略了多余的空格

CREATE TABLE #CommentText

(LineId int

,Text nvarchar(255) collate database_default)

--使用#output代替sys.sysobjvalues

DECLARE ms_crs_syscom CURSOR LOCAL

FOR SELECT real_decrypt from #output

ORDER BY ident

FOR READ ONLY

--獲取文本

SELECT @LFCR = 2

SELECT @LineId = 1

OPEN ms_crs_syscom

FETCH NEXT FROM ms_crs_syscom into @SyscomText

WHILE @@fetch_status >= 0

BEGIN

SELECT @BasePos = 1

SELECT @CurrentPos = 1

SELECT @TextLength = LEN(@SyscomText)

WHILE @CurrentPos != 0

BEGIN

--通過回車查找行的結(jié)束

SELECT @CurrentPos = CHARINDEX(char(13)+char(10), @SyscomText,

@BasePos)

--如果找到回車

IF @CurrentPos != 0

BEGIN

--如果@Lines的長(zhǎng)度的新值比設(shè)置的大就插入@Lines目前的內(nèi)容并繼續(xù)

While (isnull(LEN(@Line),0) + @BlankSpaceAdded +

@CurrentPos-@BasePos + @LFCR) > @DefinedLength

BEGIN

SELECT @AddOnLen = @DefinedLength-(isnull(LEN(@Line),0) +

@BlankSpaceAdded)

INSERT #CommentText VALUES

( @LineId,

isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,

@BasePos, @AddOnLen), N''))

SELECT @Line = NULL, @LineId = @LineId + 1,

@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded = 0

END

SELECT @Line = isnull(@Line, N'') +

isnull(SUBSTRING(@SyscomText, @BasePos, @CurrentPos-@BasePos + @LFCR), N'')

SELECT @BasePos = @CurrentPos+2

INSERT #CommentText VALUES( @LineId, @Line )

SELECT @LineId = @LineId + 1

SELECT @Line = NULL

END

ELSE

--如果回車沒找到

BEGIN

IF @BasePos <= @TextLength

BEGIN

--如果@Lines長(zhǎng)度的新值大于定義的長(zhǎng)度

While (isnull(LEN(@Line),0) + @BlankSpaceAdded +

@TextLength-@BasePos+1 ) > @DefinedLength

BEGIN

SELECT @AddOnLen = @DefinedLength -

(isnull(LEN(@Line),0) + @BlankSpaceAdded)

INSERT #CommentText VALUES

( @LineId,

isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,

@BasePos, @AddOnLen), N''))

SELECT @Line = NULL, @LineId = @LineId + 1,

@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded =

END

SELECT @Line = isnull(@Line, N'') +

isnull(SUBSTRING(@SyscomText, @BasePos, @TextLength-@BasePos+1 ), N'')

if LEN(@Line) < @DefinedLength and charindex(' ',

@SyscomText, @TextLength+1 ) > 0

BEGIN

SELECT @Line = @Line + ' ', @BlankSpaceAdded = 1

END

FETCH NEXT FROM ms_crs_syscom into @SyscomText

END

IF @Line is NOT NULL

INSERT #CommentText VALUES( @LineId, @Line )

select Text from #CommentText order by LineId

CLOSE ms_crs_syscom

DEALLOCATE ms_crs_syscom

DROP TABLE #CommentText

-- -------------------------------------

--結(jié)束從sp_helptext提取

-- -------------------------------------

--刪除用短橫線創(chuàng)建的存儲(chǔ)過程并重建原始的存儲(chǔ)過程

ROLLBACK TRAN

DROP TABLE #output

ALTER PROCEDURE [dbo].[sp__windbi$decrypt]

(@procedure sysname = NULL, @revfl int = 1)

王成輝翻譯整理，轉(zhuǎn)貼請(qǐng)注明出自微軟BI開拓者www.windbi.com

目前這個(gè)存儲(chǔ)過程只能解密存儲(chǔ)過程，至于解密函數(shù)、觸發(fā)器、視圖的存儲(chǔ)過程本網(wǎng)站會(huì)進(jìn)一步關(guān)注，調(diào)用形式為：

exec dbo.sp__windbi$decrypt @procedure,0

如果第二個(gè)參數(shù)使用1的話，會(huì)給出該存儲(chǔ)過程的一些提示。

--版本2.0

SET NOCOUNT ON

IF @revfl = 1

BEGIN

PRINT '警告：該存儲(chǔ)過程會(huì)刪除并重建原始的存儲(chǔ)過程。'

PRINT ' 在運(yùn)行該存儲(chǔ)過程之前確保你的數(shù)據(jù)庫(kù)有一個(gè)備份。'

PRINT ' 該存儲(chǔ)過程通常應(yīng)該運(yùn)行在產(chǎn)品環(huán)境的一個(gè)備份的非產(chǎn)品環(huán)境下。'

PRINT ' 為了運(yùn)行這個(gè)存儲(chǔ)過程，將參數(shù)@refl的值更改為0。'

RETURN 0

END

DECLARE @intProcSpace bigint, @t bigint, @maxColID smallint,@intEncrypted

tinyint,@procNameLength int

select @maxColID = max(subobjid),@intEncrypted = imageval FROM

sys.sysobjvalues WHERE objid = object_id(@procedure)

GROUP BY imageval

--select @maxColID as 'Rows in sys.sysobjvalues'

select @procNameLength = datalength(@procedure) + 29

DECLARE @real_01 nvarchar(max)

DECLARE @fake_01 nvarchar(max)

DECLARE @fake_encrypt_01 nvarchar(max)

DECLARE @real_decrypt_01 nvarchar(max),@real_decrypt_01a nvarchar(max)

declare @objtype varchar(2),@ParentName nvarchar(max)

select @real_decrypt_01a = ''

--提取對(duì)象的類型如是存儲(chǔ)過程還是函數(shù)，如果是觸發(fā)器，還要得到其父對(duì)象的名稱

select @objtype=type,@parentname=object_name(parent_object_id)

from sys.objects where [object_id]=object_id(@procedure)

-- 從sys.sysobjvalues里提出加密的imageval記錄

SET @real_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid =

object_id(@procedure) and valclass = 1 order by subobjid)

--創(chuàng)建一個(gè)臨時(shí)表

create table #output ( [ident] [int] IDENTITY (1, 1) NOT NULL ,

[real_decrypt] NVARCHAR(MAX) )

--開始一個(gè)事務(wù)，稍后回滾

BEGIN TRAN

--更改原始的存儲(chǔ)過程，用短橫線替換

if @objtype='P'

SET @fake_01='ALTER PROCEDURE '+ @procedure +' WITH ENCRYPTION AS

'+REPLICATE('-', 40003 - @procNameLength)

else if @objtype='FN'

SET @fake_01='ALTER FUNCTION '+ @procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/ END'

else if @objtype='V'

SET @fake_01='ALTER view '+ @procedure +' WITH ENCRYPTION AS select 1 as col

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='TR'

SET @fake_01='ALTER trigger '+ @procedure +' ON '+@parentname+' WITH ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10)

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/'

EXECUTE (@fake_01)

--從sys.sysobjvalues里提出加密的假的

SET @fake_encrypt_01=(SELECT top 1 imageval FROM sys.sysobjvalues WHERE objid =

object_id(@procedure) and valclass = 1 order by subobjid )

if @objtype='P'

SET @fake_01='Create PROCEDURE '+ @procedure +' WITH ENCRYPTION AS

'+REPLICATE('-', 40003 - @procNameLength)

else if @objtype='FN'

SET @fake_01='CREATE FUNCTION '+ @procedure +'() RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/ END'

else if @objtype='V'

SET @fake_01='Create view '+ @procedure +' WITH ENCRYPTION AS select 1 as col

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/'

else if @objtype='TR'

SET @fake_01='Create trigger '+ @procedure +' ON '+@parentname+' WITH ENCRYPTION AFTER INSERT AS RAISERROR (''N'',16,10)

/*'+REPLICATE('*', datalength(@real_01) /2 - @procNameLength)+'*/'

--開始計(jì)數(shù)

SET @intProcSpace=1

--使用字符填充臨時(shí)變量

SET @real_decrypt_01 = replicate(N'A', (datalength(@real_01) /2 ))

--循環(huán)設(shè)置每一個(gè)變量，創(chuàng)建真正的變量

--每次一個(gè)字節(jié)

SET @intProcSpace=1

--如有必要，遍歷每個(gè)@real_xx變量并解密

WHILE @intProcSpace<=(datalength(@real_01)/2)

BEGIN

--真的和假的和加密的假的進(jìn)行異或處理

SET @real_decrypt_01 = stuff(@real_decrypt_01, @intProcSpace, 1,

NCHAR(UNICODE(substring(@real_01, @intProcSpace, 1)) ^

(UNICODE(substring(@fake_01, @intProcSpace, 1)) ^

UNICODE(substring(@fake_encrypt_01, @intProcSpace, 1)))))

SET @intProcSpace=@intProcSpace+1

END

--通過sp_helptext邏輯向表#output里插入變量

insert #output (real_decrypt) select @real_decrypt_01

-- select real_decrypt AS '#output chek' from #output --測(cè)試

-- -------------------------------------

--開始從sp_helptext提取

-- -------------------------------------

declare @dbname sysname

,@BlankSpaceAdded int

,@BasePos int

,@CurrentPos int

,@TextLength int

,@LineId int

,@AddOnLen int

,@LFCR int --回車換行的長(zhǎng)度

,@DefinedLength int

,@SyscomText nvarchar(4000)

,@Line nvarchar(255)

Select @DefinedLength = 255

SELECT @BlankSpaceAdded = 0 --跟蹤行結(jié)束的空格。注意Len函數(shù)忽略了多余的空格

CREATE TABLE #CommentText

(LineId int

,Text nvarchar(255) collate database_default)

--使用#output代替sys.sysobjvalues

DECLARE ms_crs_syscom CURSOR LOCAL

FOR SELECT real_decrypt from #output

ORDER BY ident

FOR READ ONLY

--獲取文本

SELECT @LFCR = 2

SELECT @LineId = 1

OPEN ms_crs_syscom

FETCH NEXT FROM ms_crs_syscom into @SyscomText

WHILE @@fetch_status >= 0

BEGIN

SELECT @BasePos = 1

SELECT @CurrentPos = 1

SELECT @TextLength = LEN(@SyscomText)

WHILE @CurrentPos != 0

BEGIN

--通過回車查找行的結(jié)束

SELECT @CurrentPos = CHARINDEX(char(13)+char(10), @SyscomText,

@BasePos)

--如果找到回車

IF @CurrentPos != 0

BEGIN

--如果@Lines的長(zhǎng)度的新值比設(shè)置的大就插入@Lines目前的內(nèi)容并繼續(xù)

While (isnull(LEN(@Line),0) + @BlankSpaceAdded +

@CurrentPos-@BasePos + @LFCR) > @DefinedLength

BEGIN

SELECT @AddOnLen = @DefinedLength-(isnull(LEN(@Line),0) +

@BlankSpaceAdded)

INSERT #CommentText VALUES

( @LineId,

isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,

@BasePos, @AddOnLen), N''))

SELECT @Line = NULL, @LineId = @LineId + 1,

@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded = 0

END

SELECT @Line = isnull(@Line, N'') +

isnull(SUBSTRING(@SyscomText, @BasePos, @CurrentPos-@BasePos + @LFCR), N'')

SELECT @BasePos = @CurrentPos+2

INSERT #CommentText VALUES( @LineId, @Line )

SELECT @LineId = @LineId + 1

SELECT @Line = NULL

END

ELSE

--如果回車沒找到

BEGIN

IF @BasePos <= @TextLength

BEGIN

--如果@Lines長(zhǎng)度的新值大于定義的長(zhǎng)度

While (isnull(LEN(@Line),0) + @BlankSpaceAdded +

@TextLength-@BasePos+1 ) > @DefinedLength

BEGIN

SELECT @AddOnLen = @DefinedLength -

(isnull(LEN(@Line),0) + @BlankSpaceAdded)

INSERT #CommentText VALUES

( @LineId,

isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,

@BasePos, @AddOnLen), N''))

SELECT @Line = NULL, @LineId = @LineId + 1,

@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded =

END

SELECT @Line = isnull(@Line, N'') +

isnull(SUBSTRING(@SyscomText, @BasePos, @TextLength-@BasePos+1 ), N'')

if LEN(@Line) < @DefinedLength and charindex(' ',

@SyscomText, @TextLength+1 ) > 0

BEGIN

SELECT @Line = @Line + ' ', @BlankSpaceAdded = 1

END

FETCH NEXT FROM ms_crs_syscom into @SyscomText

END

IF @Line is NOT NULL

INSERT #CommentText VALUES( @LineId, @Line )

select Text from #CommentText order by LineId

CLOSE ms_crs_syscom

DEALLOCATE ms_crs_syscom

DROP TABLE #CommentText

-- -------------------------------------

--結(jié)束從sp_helptext提取

-- -------------------------------------

--刪除用短橫線創(chuàng)建的存儲(chǔ)過程并重建原始的存儲(chǔ)過程

ROLLBACK TRAN

DROP TABLE #output

posted on 2011-01-29 16:38 楊粼波閱讀(2810) 評(píng)論(0) 編輯收藏引用

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。
【推薦】100%開源！大型工業(yè)跨平臺(tái)軟件C++源碼提供，建模，組態(tài)！



網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理

牽著老婆滿街逛

導(dǎo)航

統(tǒng)計(jì)

公告

常用鏈接

留言簿(11)

隨筆分類(466)

隨筆檔案(1513)

文章分類(46)

文章檔案(45)

相冊(cè)

收藏夾(39)

工具官網(wǎng)

技術(shù)網(wǎng)站

開源網(wǎng)站

其他窩點(diǎn)

收藏網(wǎng)站

銀行官網(wǎng)

友情鏈接

資源共享

搜索

積分與排名

最新評(píng)論

閱讀排行榜

破解SQL2005(SQL2008)的存儲(chǔ)過程的存儲(chǔ)過程