SQL Server加密存储过程的破解
建好sp后,在“连接到数据库引擎”对话框的“服务器名称”框中,键入 ADMIN:,并在其后继续键入服务器实例的名称。例如,若要连接到名为 ACCT\PAYABLE 的服务器实例,请键入 ADMIN:ACCT\PAYABLE。然后再调用此存储过程来查看。
CREATE PROCEDURE dbo.sp__procedure$decrypt
(@procedure sysname = NULL, @revfl int = 1)
AS
SET NOCOUNT ON
IF @revfl = 1
BEGIN
PRINT 'CAUTION: THIS PROCEDURE DELETES AND REBUILDS THE ORIGINAL STORED PROCEDURE.'
PRINT ' MAKE A BACKUP OF YOUR DATABASE BEFORE RUNNING THIS PROCEDURE.'
PRINT ' IDEALLY, THIS PROCEDURE SHOULD BE RUN ON A NON-PRODUCTION COPY OF THE PROCEDURE.'
PRINT ' To run the procedure, change the @revfl parameter to 0'
RETURN 0
END
DECLARE @intProcSpace bigint
,@t bigint
,@maxColID smallint
,@intEncrypted tinyint
,@procNameLength int
select @maxColID = max(subobjid)
--//,@intEncrypted = imageval
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure)
GROUP BY imageval
--select @maxColID as 'Rows in sys.sysobjvalues'
select @procNameLength = datalength(@procedure) + 29
DECLARE @real_01 nvarchar(max)
DECLARE @real_02 nvarchar(max)
DECLARE @real_03 nvarchar(max)
DECLARE @real_04 nvarchar(max)
DECLARE @real_05 nvarchar(max)
DECLARE @fake_01 nvarchar(max)
,@fake_02 nvarchar(max)
,@fake_03 nvarchar(max)
,@fake_04 nvarchar(max)
,@fake_05 nvarchar(max)
DECLARE @fake_encrypt_01 nvarchar(max)
DECLARE @fake_encrypt_02 nvarchar(max)
DECLARE @fake_encrypt_03 nvarchar(max)
DECLARE @fake_encrypt_04 nvarchar(max)
DECLARE @fake_encrypt_05 nvarchar(max)
DECLARE @real_decrypt_01 nvarchar(max)
,@real_decrypt_01a nvarchar(max)
,@real_decrypt_02 nvarchar(max)
,@real_decrypt_02a nvarchar(max)
,@real_decrypt_03 nvarchar(max)
,@real_decrypt_03a nvarchar(max)
,@real_decrypt_04 nvarchar(max)
,@real_decrypt_04a nvarchar(max)
,@real_decrypt_05 nvarchar(max)
,@real_decrypt_05a nvarchar(max)
select @real_decrypt_01a = ''
,@real_decrypt_02a = ''
,@real_decrypt_03a = ''
,@real_decrypt_04a = ''
,@real_decrypt_05a = ''
-- extract the encrypted imageval rows from sys.sysobjvalues
SELECT @real_01=substring(imageval,1,8000)
,@real_02=substring(imageval,8001,16000)
,@real_03=substring(imageval,16001,24000)
,@real_04=substring(imageval,24001,32000)
,@real_05=substring(imageval,32001,40000)
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1
-- create this table for later use
create table #output ( [ident] [int] IDENTITY (1, 1) NOT NULL ,
[real_decrypt] NVARCHAR(MAX)
)
-- We'll begin the transaction and roll it back later
BEGIN TRAN
-- alter the original procedure, replacing with dashes
SET @fake_01='ALTER PROCEDURE '+ @procedure +' WITH ENCRYPTION AS
'+REPLICATE('-', 40003 - @procNameLength)
EXECUTE (@fake_01)
-- extract the encrypted fake imageval rows from sys.sysobjvalues
SELECT @fake_encrypt_01=substring(imageval,1,8000)
,@fake_encrypt_02=substring(imageval,8001,16000)
,@fake_encrypt_03=substring(imageval,16001,24000)
,@fake_encrypt_04=substring(imageval,24001,32000)
,@fake_encrypt_05=substring(imageval,32001,40000)
FROM sys.sysobjvalues
WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1
SET @fake_01='CREATE PROCEDURE '+ @procedure +' WITH ENCRYPTION AS '
+ REPLICATE('-', 40003 - @procNameLength)
--start counter
SET @intProcSpace=1
--fill temporary variable with with a filler character
SET @real_decrypt_01 = replicate(N'A', (datalength(@real_01) /2 ))
--loop through each of the variables sets of variables, building the real variable
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_01)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_01 = stuff(@real_decrypt_01, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_01, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_01, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_01, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_02)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_02 = stuff(@real_decrypt_02, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_02, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_02, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_02, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_03)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_03 = stuff(@real_decrypt_03, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_03, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_03, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_03, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_04)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_04 = stuff(@real_decrypt_04, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_04, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_04, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_04, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
--one byte at a time.
SET @intProcSpace=1
-- Go through each @real_xx variable and decrypt it, as necessary
WHILE @intProcSpace<=(datalength(@real_05)/2)
BEGIN
--xor real & fake & fake encrypted
SET @real_decrypt_05 = stuff(@real_decrypt_05, @intProcSpace, 1,
NCHAR(UNICODE(substring(@real_05, @intProcSpace, 1)) ^
(UNICODE(substring(@fake_05, @intProcSpace, 1)) ^
UNICODE(substring(@fake_encrypt_05, @intProcSpace, 1)))))
SET @intProcSpace=@intProcSpace+1
END
-- Load the variables into #output for handling by sp_helptext logic
INSERT INTO #output (real_decrypt)
SELECT @real_decrypt_01
UNION ALL
SELECT @real_decrypt_02
UNION ALL
SELECT @real_decrypt_03
UNION ALL
SELECT @real_decrypt_04
UNION ALL
SELECT @real_decrypt_05
-- select real_decrypt AS '#output chek' from #output -- Testing
-- -------------------------------------
-- Beginning of extract from sp_helptext
-- -------------------------------------
declare @dbname sysname
,@BlankSpaceAdded int
,@BasePos int
,@CurrentPos int
,@TextLength int
,@LineId int
,@AddOnLen int
,@LFCR int --lengths of line feed carriage return
,@DefinedLength int
,@SyscomText nvarchar(4000)
,@Line nvarchar(255)
Select @DefinedLength = 255
SELECT @BlankSpaceAdded = 0 --Keeps track of blank spaces at end of lines. Note Len function ignores trailing blank spaces
CREATE TABLE #CommentText
(LineId int
,Text nvarchar(255) collate database_default)
-- use #output instead of sys.sysobjvalues
DECLARE ms_crs_syscom CURSOR LOCAL
FOR SELECT real_decrypt
from #output
ORDER BY ident
FOR READ ONLY
-- Else get the text.
SELECT @LFCR = 2
SELECT @LineId = 1
OPEN ms_crs_syscom
FETCH NEXT FROM ms_crs_syscom into @SyscomText
WHILE @@fetch_status >= 0
BEGIN
SELECT @BasePos = 1
SELECT @CurrentPos = 1
SELECT @TextLength = LEN(@SyscomText)
WHILE @CurrentPos != 0
BEGIN
--Looking for end of line followed by carriage return
SELECT @CurrentPos = CHARINDEX(char(13)+char(10), @SyscomText,
@BasePos)
--If carriage return found
IF @CurrentPos != 0
BEGIN
--If new value for @Lines length will be > then the
--set length then insert current contents of @line
--and proceed.
While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
@CurrentPos-@BasePos + @LFCR) > @DefinedLength
BEGIN
SELECT @AddOnLen = @DefinedLength-(isnull(LEN(@Line),0) +
@BlankSpaceAdded)
INSERT #CommentText VALUES
( @LineId,
isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
@BasePos, @AddOnLen), N''))
SELECT @Line = NULL, @LineId = @LineId + 1,
@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded = 0
END
SELECT @Line = isnull(@Line, N'') +
isnull(SUBSTRING(@SyscomText, @BasePos, @CurrentPos-@BasePos + @LFCR), N'')
SELECT @BasePos = @CurrentPos+2
INSERT #CommentText VALUES( @LineId, @Line )
SELECT @LineId = @LineId + 1
SELECT @Line = NULL
END
ELSE
--else carriage return not found
BEGIN
IF @BasePos <= @TextLength
BEGIN
--If new value for @Lines length will be > then the
--defined length
--
While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
@TextLength-@BasePos+1 ) > @DefinedLength
BEGIN
SELECT @AddOnLen = @DefinedLength -
(isnull(LEN(@Line),0) + @BlankSpaceAdded)
INSERT #CommentText VALUES
( @LineId,
isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
@BasePos, @AddOnLen), N''))
SELECT @Line = NULL, @LineId = @LineId + 1,
@BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded =
0
END
SELECT @Line = isnull(@Line, N'') +
isnull(SUBSTRING(@SyscomText, @BasePos, @TextLength-@BasePos+1 ), N'')
if LEN(@Line) < @DefinedLength and charindex(' ',
@SyscomText, @TextLength+1 ) > 0
BEGIN
SELECT @Line = @Line + ' ', @BlankSpaceAdded = 1
END
END
END
END
FETCH NEXT FROM ms_crs_syscom into @SyscomText
END
IF @Line is NOT NULL
INSERT #CommentText VALUES( @LineId, @Line )
select Text from #CommentText order by LineId
CLOSE ms_crs_syscom
DEALLOCATE ms_crs_syscom
DROP TABLE #CommentText
-- -------------------------------------
-- End of extract from sp_helptext
-- -------------------------------------
-- Drop the procedure that was setup with dashes and rebuild it with the good stuff
-- Version 1.1 mod; makes rebuilding hte proc unnecessary
ROLLBACK TRAN
DROP TABLE #output
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
SQL Server加密存储过程的破解的更多相关文章
- 查看SQL SERVER 加密存储过程,函数,触发器,视图
原文:查看SQL SERVER 加密存储过程,函数,触发器,视图 create PROCEDURE sp_decrypt(@objectname varchar(50))ASbeginset noc ...
- SQL Server中存储过程 比 直接运行SQL语句慢的原因
问题是存储过程的Parameter sniffing 在很多的资料中都描述说SQLSERVER的存储过程较普通的SQL语句有以下优点: 1. 存储过程只在创造时进行编译即可,以后每次执行存储过 ...
- SQL Server中存储过程比直接运行SQL语句慢的原因
原文:SQL Server中存储过程比直接运行SQL语句慢的原因 在很多的资料中都描述说SQLSERVER的存储过程较普通的SQL语句有以下优点: 1. 存储过程只在创造时进行编译即可,以 ...
- SQL Server 加密案例解析
一.概述 加密是一种安全措施,有时候甚至是法律要求.作为攻破Windows系统的最后一道防线,通过加密可以保证在没有密钥的情况下获取备份或者物理介质变得毫无意义. 二.概念 加密层次结构 加密层次结构 ...
- sql server系统存储过程大全
关键词:sql server系统存储过程,mssql系统存储过程 xp_cmdshell --*执行DOS各种命令,结果以文本行返回. xp_fixeddrives --*查询各磁盘/分区可用空间 x ...
- 在sql server中建存储过程,如果需要参数是一个可变集合怎么处理?
在sql server中建存储过程,如果需要参数是一个可变集合的处理 原存储过程,@objectIds 为可变参数,比如 110,98,99 ALTER PROC [dbo].[Proc_totalS ...
- 在易语言中调用MS SQL SERVER数据库存储过程方法总结
Microsoft SQL SERVER 数据库存储过程,根据其输入输出数据,笼统的可以分为以下几种情况或其组合:无输入,有一个或多个输入参数,无输出,直接返回(return)一个值,通过output ...
- SQL Server 2008 存储过程,带事务的存储过程(创建存储过程,删除存储过程,修改存储过
SQL Server 2008 存储过程,带事务的存储过程(创建存储过程,删除存储过程,修改存储过 存储过程 创建存储过程 use pubs --pubs为数据库 go create proc ...
- ADO.NET访问SQL Server调用存储过程带回参
1,ADO.NET访问SQL Server调用存储过程带回参 2,DatabaseDesign use northwind go --存储过程1 --插入一条商品 productname=芹菜 un ...
随机推荐
- 基于C#语言利用Microsoft.office.introp.excel操作Excel总结
终于解决了质量评估测试软件在任意装有excel(2010以下版本)的电脑上正常使用的问题!!!!!!!!!! 可到http://www.microsoft.com/en-sa/download/con ...
- ubuntu下android开发环境安装
一 安装jdk 网址:http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html 新建一个文 ...
- 登录Cloudera Manager时报错org.hibernate.exception.GenericJDBCException: Could not open connection
去Cloudera Server上边看了一下日志: cat /opt/cloudera-manager/log/cloudera-scm-server/cloudera-scm-server.log ...
- 抓包工具Fiddler的使用
Fiddler 教程 Fiddler是最强大最好用的Web调试工具之一,它能记录所有客户端和服务器的http和https请求,允许你监视,设置断点,甚至修改输入输出数据. 使用Fiddler无论对开发 ...
- ember.js:使用笔记10 常用方法
init: controller中初始化方法, //注意该方法是在其他方法之前,所以取不出this,model等值: 跳转:this.tra ...
- Oracle 使用小计
1.Sequence 1.1 什么是Sequence? Sequence是oracle提供的一个对象,用于产生自增的主键.这与sql server的identity是类似的. 从数学的角度来说,其为一 ...
- cordova的android notify消息通知插件
最近在学习用CORDOVA(PHONEGAP)结合SENCHA TOUCH开发应用,想实现一个安卓下的消息通知功能,这个可以通过CORDOVA的插件来实现. 插件目录结构如下: notifyplugi ...
- 【POJ】1556 The Doors(计算几何基础+spfa)
http://poj.org/problem?id=1556 首先路径的每条线段一定是端点之间的连线.证明?这是个坑...反正我是随便画了一下图然后就写了.. 然后re是什么节奏?我记得我开够了啊.. ...
- COJ986 WZJ的数据结构(负十四)
WZJ的数据结构(负十四) 难度级别:D: 运行时间限制:6000ms: 运行空间限制:262144KB: 代码长度限制:2000000B 试题描述 请你设计一个数据结构,完成以下功能: 给定一个大小 ...
- JAVA_RSA密钥生成
在网上找了下RSA的密钥的创建,结果全是用java序列化PublicKey和PrivateKey来保存,就自己写了个RSA公钥和私钥的创建,及进行Base64编码后保存. 这里用到了 bcprov-j ...