SQL Server加密存储过程的破解
建好sp后,在“连接到数据库引擎”对话框的“服务器名称”框中,键入 ADMIN:,并在其后继续键入服务器实例的名称。例如,若要连接到名为 ACCT\PAYABLE 的服务器实例,请键入 ADMIN:ACCT\PAYABLE。然后再调用此存储过程来查看。
CREATE PROCEDURE dbo.sp__procedure$decrypt
(@procedure sysname = NULL, @revfl int = 1)
AS
SET NOCOUNT ON
IF @revfl = 1
BEGIN
PRINT 'CAUTION: THIS PROCEDURE DELETES AND REBUILDS THE ORIGINAL STORED PROCEDURE.'
PRINT ' MAKE A BACKUP OF YOUR DATABASE BEFORE RUNNING THIS PROCEDURE.'
PRINT ' IDEALLY, THIS PROCEDURE SHOULD BE RUN ON A NON-PRODUCTION COPY OF THE PROCEDURE.'
PRINT ' To run the procedure, change the @revfl parameter to 0'
RETURN 0
END
DECLARE @intProcSpace bigint
,@t bigint
,@maxColID smallint
,@intEncrypted tinyint
,@procNameLength int
select @maxColID = max(subobjid)
--//,@intEncrypted = imageval
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure)
GROUP BY imageval
--select @maxColID as 'Rows in sys.sysobjvalues'
select @procNameLength = datalength(@procedure) + 29
DECLARE @real_01 nvarchar(max)
DECLARE @real_02 nvarchar(max)
DECLARE @real_03 nvarchar(max)
DECLARE @real_04 nvarchar(max)
DECLARE @real_05 nvarchar(max)
DECLARE @fake_01 nvarchar(max)
,@fake_02 nvarchar(max)
,@fake_03 nvarchar(max)
,@fake_04 nvarchar(max)
,@fake_05 nvarchar(max)
DECLARE @fake_encrypt_01 nvarchar(max)
DECLARE @fake_encrypt_02 nvarchar(max)
DECLARE @fake_encrypt_03 nvarchar(max)
DECLARE @fake_encrypt_04 nvarchar(max)
DECLARE @fake_encrypt_05 nvarchar(max)
DECLARE @real_decrypt_01 nvarchar(max)
,@real_decrypt_01a nvarchar(max)
,@real_decrypt_02 nvarchar(max)
,@real_decrypt_02a nvarchar(max)
,@real_decrypt_03 nvarchar(max)
,@real_decrypt_03a nvarchar(max)
,@real_decrypt_04 nvarchar(max)
,@real_decrypt_04a nvarchar(max)
,@real_decrypt_05 nvarchar(max)
,@real_decrypt_05a nvarchar(max)
select @real_decrypt_01a = ''
,@real_decrypt_02a = ''
,@real_decrypt_03a = ''
,@real_decrypt_04a = ''
,@real_decrypt_05a = ''
-- extract the encrypted imageval rows from sys.sysobjvalues
SELECT @real_01=substring(imageval,1,8000)
,@real_02=substring(imageval,8001,16000)
,@real_03=substring(imageval,16001,24000)
,@real_04=substring(imageval,24001,32000)
,@real_05=substring(imageval,32001,40000)
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1
-- create this table for later use
create table #output ( [ident] [int] IDENTITY (1, 1) NOT NULL ,
[real_decrypt] NVARCHAR(MAX)
)
-- We'll begin the transaction and roll it back later
BEGIN TRAN
-- alter the original procedure, replacing with dashes
SET @fake_01='ALTER PROCEDURE '+ @procedure +' WITH ENCRYPTION AS
'+REPLICATE('-', 40003 - @procNameLength)
EXECUTE (@fake_01)
-- extract the encrypted fake imageval rows from sys.sysobjvalues
SELECT @fake_encrypt_01=substring(imageval,1,8000)
,@fake_encrypt_02=substring(imageval,8001,16000)
,@fake_encrypt_03=substring(imageval,16001,24000)
,@fake_encrypt_04=substring(imageval,24001,32000)
,@fake_encrypt_05=substring(imageval,32001,40000)
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1
SET @fake_01='CREATE PROCEDURE '+ @procedure +' WITH ENCRYPTION AS '
+ REPLICATE('-', 40003 - @procNameLength)
--start counter
SET @intProcSpace=1
--fill temporary variable with with a filler character
SET @real_decrypt_01 = replicate(N'A', (datalength(@real_01) /2 ))
--loop through each of the variables sets of variables, building the real variable
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_01)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_01 = stuff(@real_decrypt_01, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_01, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_01, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_01, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_02)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_02 = stuff(@real_decrypt_02, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_02, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_02, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_02, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_03)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_03 = stuff(@real_decrypt_03, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_03, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_03, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_03, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_04)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_04 = stuff(@real_decrypt_04, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_04, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_04, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_04, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_05)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_05 = stuff(@real_decrypt_05, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_05, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_05, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_05, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
-- Load the variables into #output for handling by sp_helptext logic
INSERT INTO #output (real_decrypt)
SELECT @real_decrypt_01
UNION ALL
SELECT @real_decrypt_02
UNION ALL
SELECT @real_decrypt_03
UNION ALL
SELECT @real_decrypt_04
UNION ALL
SELECT @real_decrypt_05
-- select real_decrypt AS '#output chek' from #output -- Testing
-- -------------------------------------
-- Beginning of extract from sp_helptext
-- -------------------------------------
declare @dbname sysname
,@BlankSpaceAdded int
,@BasePos int
,@CurrentPos int
,@TextLength int
,@LineId int
,@AddOnLen int
,@LFCR int --lengths of line feed carriage return
,@DefinedLength int
,@SyscomText nvarchar(4000)
,@Line nvarchar(255)
Select @DefinedLength = 255
SELECT @BlankSpaceAdded = 0 --Keeps track of blank spaces at end of lines. Note Len function ignores trailing blank spaces
CREATE TABLE #CommentText
(LineId int
,Text nvarchar(255) collate database_default)
-- use #output instead of sys.sysobjvalues
DECLARE ms_crs_syscom CURSOR LOCAL
FOR SELECT real_decrypt
from #output
ORDER BY ident
FOR READ ONLY
-- Else get the text.
SELECT @LFCR = 2
SELECT @LineId = 1
OPEN ms_crs_syscom
FETCH NEXT FROM ms_crs_syscom into @SyscomText
WHILE @@fetch_status >= 0
BEGIN
SELECT @BasePos = 1
SELECT @CurrentPos = 1
SELECT @TextLength = LEN(@SyscomText)
WHILE @CurrentPos != 0
BEGIN
--Looking for end of line followed by carriage return
SELECT @CurrentPos = CHARINDEX(char(13)+char(10), @SyscomText,
@BasePos)
--If carriage return found
IF @CurrentPos != 0
BEGIN
--If new value for @Lines length will be > then the
--set length then insert current contents of @line
--and proceed.
While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
@CurrentPos-@BasePos + @LFCR) > @DefinedLength
BEGIN
SELECT @AddOnLen = @DefinedLength-(isnull(LEN(@Line),0) +
@BlankSpaceAdded)
INSERT #CommentText VALUES
( @LineId,
isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
@BasePos, @AddOnLen), N''))
SELECT @Line = NULL, @LineId = @LineId + 1,
@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded = 0
END
SELECT @Line = isnull(@Line, N'') +
isnull(SUBSTRING(@SyscomText, @BasePos, @CurrentPos-@BasePos + @LFCR), N'')
SELECT @BasePos = @CurrentPos+2
INSERT #CommentText VALUES( @LineId, @Line )
SELECT @LineId = @LineId + 1
SELECT @Line = NULL
END
ELSE
--else carriage return not found
BEGIN
IF @BasePos <= @TextLength
BEGIN
--If new value for @Lines length will be > then the
--defined length
--
While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
@TextLength-@BasePos+1 ) > @DefinedLength
BEGIN
SELECT @AddOnLen = @DefinedLength -
(isnull(LEN(@Line),0) + @BlankSpaceAdded)
INSERT #CommentText VALUES
( @LineId,
isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
@BasePos, @AddOnLen), N''))
SELECT @Line = NULL, @LineId = @LineId + 1,
@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded =
0
END
SELECT @Line = isnull(@Line, N'') +
isnull(SUBSTRING(@SyscomText, @BasePos, @TextLength-@BasePos+1 ), N'')
if LEN(@Line) < @DefinedLength and charindex(' ',
@SyscomText, @TextLength+1 ) > 0
BEGIN
SELECT @Line = @Line + ' ', @BlankSpaceAdded = 1
END
END
END
END
FETCH NEXT FROM ms_crs_syscom into @SyscomText
END
IF @Line is NOT NULL
INSERT #CommentText VALUES( @LineId, @Line )
select Text from #CommentText order by LineId
CLOSE ms_crs_syscom
DEALLOCATE ms_crs_syscom
DROP TABLE #CommentText
-- -------------------------------------
-- End of extract from sp_helptext
-- -------------------------------------
-- Drop the procedure that was setup with dashes and rebuild it with the good stuff
-- Version 1.1 mod; makes rebuilding hte proc unnecessary
ROLLBACK TRAN
DROP TABLE #output
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
SQL Server加密存储过程的破解的更多相关文章
- 查看SQL SERVER 加密存储过程,函数,触发器,视图
原文:查看SQL SERVER 加密存储过程,函数,触发器,视图 create PROCEDURE sp_decrypt(@objectname varchar(50))ASbeginset noc ...
- SQL Server中存储过程 比 直接运行SQL语句慢的原因
问题是存储过程的Parameter sniffing 在很多的资料中都描述说SQLSERVER的存储过程较普通的SQL语句有以下优点: 1. 存储过程只在创造时进行编译即可,以后每次执行存储过 ...
- SQL Server中存储过程比直接运行SQL语句慢的原因
原文:SQL Server中存储过程比直接运行SQL语句慢的原因 在很多的资料中都描述说SQLSERVER的存储过程较普通的SQL语句有以下优点: 1. 存储过程只在创造时进行编译即可,以 ...
- SQL Server 加密案例解析
一.概述 加密是一种安全措施,有时候甚至是法律要求.作为攻破Windows系统的最后一道防线,通过加密可以保证在没有密钥的情况下获取备份或者物理介质变得毫无意义. 二.概念 加密层次结构 加密层次结构 ...
- sql server系统存储过程大全
关键词:sql server系统存储过程,mssql系统存储过程 xp_cmdshell --*执行DOS各种命令,结果以文本行返回. xp_fixeddrives --*查询各磁盘/分区可用空间 x ...
- 在sql server中建存储过程,如果需要参数是一个可变集合怎么处理?
在sql server中建存储过程,如果需要参数是一个可变集合的处理 原存储过程,@objectIds 为可变参数,比如 110,98,99 ALTER PROC [dbo].[Proc_totalS ...
- 在易语言中调用MS SQL SERVER数据库存储过程方法总结
Microsoft SQL SERVER 数据库存储过程,根据其输入输出数据,笼统的可以分为以下几种情况或其组合:无输入,有一个或多个输入参数,无输出,直接返回(return)一个值,通过output ...
- SQL Server 2008 存储过程,带事务的存储过程(创建存储过程,删除存储过程,修改存储过
SQL Server 2008 存储过程,带事务的存储过程(创建存储过程,删除存储过程,修改存储过 存储过程 创建存储过程 use pubs --pubs为数据库 go create proc ...
- ADO.NET访问SQL Server调用存储过程带回参
1,ADO.NET访问SQL Server调用存储过程带回参 2,DatabaseDesign use northwind go --存储过程1 --插入一条商品 productname=芹菜 un ...
随机推荐
- 开始写github
公司即将开发手机钱庄网,于是最近在写一些手机上常用的js组件做前期准备. 之所以没有沿用pc的那些插件,原因是: 之前的插件大多数是使用jquery写的 移动端的性能要求更严格 以前写的插件从现在看看 ...
- CodeForces 505B Mr. Kitayuta's Colorful Graph
Mr. Kitayuta's Colorful Graph Time Limit:1000MS Memory Limit:262144KB 64bit IO Format:%I64d ...
- JS插件
1.Placeholders.js 所有的浏览器都支持placeholder,唯独IE不支持.现在我们有了这款插件,IE下终于可以支持了! 2.Html5shiv.js 主要解决HTML5提出的新的元 ...
- Codeforces Round #206 (Div. 2) A. Vasya and Digital Root
#include <iostream> using namespace std; int main(){ int k,d; cin >> k >>d; ) { k ...
- Bestcoder Round# 80
[1003 Sequence] 指数循环节,注意a mod p = 0的情况.此时你的循环节如果返回0,这时你会输出1,而实际上应该是0 #include <algorithm> #inc ...
- 关于Ruby的一些知识
1 -9/2 = -5 当进行一个除法运算的结果是一个负数的时候,由于Ruby采取向负无穷大圆整,所以结果是-5.而由于除数是个整数,所以结果也是一个整数.而其他语言多数是向0取整. 2 连接字符串建 ...
- JSON.stringify语法解析(自己留存)
语法: JSON.stringify(value [, replacer] [, space]) value:是必选字段.就是你输入的对象,比如数组,类等. replacer:这个是可选的.它又分为2 ...
- redux-actions源码解读
一.什么是redux-actions redux-actions是一个简化action和reducer创建的一个封装库,里面有5个js文件, createAction.js handleAction. ...
- Mui - 全局css
头部(mh) <header class="mui-bar mui-bar-nav"> <a class="mui-action-back mui-ic ...
- java 处理xml格式数据
1.单个xml文件 package lia.meetlucene; import java.io.*; import javax.xml.parsers.DocumentBuilder; import ...