blogs.conus.info

Oracle SPY Events
-- Dennis Yurichev http://blogs.conus.info

This win32 utility intercept internal Oracle RDBMS function calls to ksdpec() and ss_wrtf() and may be used for undocumented Oracle trace events hunting.

Some trace events used for turning on some debug messages, some used for behavior change, some are even used for turning on and off some bug fixes.

Trace event may be turning on by issuing command like that:

ALTER SYSTEM SET EVENTS '10051 trace name context forever, level 255';

It assign value of 255 to event number 10051.

In reply to Jared Still's blog entry entitled "Undocumented Oracle Functions".

These are SYS_OP_* functions which I able to find in 11.1.0.7.0, however, I do not have any clue about what each does.

SYS_OP_ALEXPCOL
SYS_OP_ATG
SYS_OP_BL2R
SYS_OP_BLOOM_FILTER
SYS_OP_BLOOM_FILTER_LIST
SYS_OP_C2C
SYS_OP_CEG
SYS_OP_CL2C
SYS_OP_COMBINED_HASH
SYS_OP_COMP
SYS_OP_CONVERT
SYS_OP_COUNTCHG
SYS_OP_CSCONV
SYS_OP_CSCONVTEST
SYS_OP_CSR
SYS_OP_CSX_PATCH
SYS_OP_CSX_UPD
SYS_OP_DECOMP

Here is some info about Oracle RDBMS modules from newly released 11.1.0.7.0 Linux x86 patchset.
As it was done before for 10.2.0.4, each .txt file representing functions list for each object (.o) file from libserver11.a, information about possible functions calls and their arguments.
It may be useful for debug messages tracing, etc.
See also my previous blog entry about the same, but for 10.2.0.4.

All files in one archive (2045 files, 5M)

Very interesting text of unknown origin appeared on some forum, named "Basics of C within the Oracle kernel."
It contains also code snippets from ksl.h and ksl.c.

Basics of C within the Oracle kernel.
          

C is a function based language and as with most languages is composed of
declarations and statement blocks.

Below is a very simple example and even this example uses 5 functions:

        strcat(),strcpy(),write(),strlen() and print_string().

                ***************

Once upon a time, I disassembled all object files (*.o) extracted from libserver10.a file which is main Oracle RDBMS library, from version 10.2.0.4 Linux x86.
After, I fetched essentials from each one: which functions are in each object file are present, which other functions they may call and possible arguments list.
Here is a short example of what I got:

* Function krvsats

May call krvsarts ()
May call ksdwrf ("krvsats->\n")
May call ksdpec (0x3FAC)
May call ksdpec (0x545)
May call kspgip (ds:kxfpx2_, 1, ...)
May call kslgetl (offset krvsvl_, 1, 0, offset krvsvl_alo_)

Oracle SPY
-- Dennis Yurichev <dennis(@)conus.info> http://blogs.conus.info

This is win32 utility which intercepts internal Oracle RDBMS function calls to rpisplu(), kprbprs(), opiprs() and OCIStmtPrepare() - all these 4 functions used in internal SQL processing. All they are actually "parse" command from different RDBMS layers.

Thereby, this utility allow us to see all (As I know) internal SQL executions.
It may be used for debugging, educational or any other purposes.

It was tested on Oracle 9.2.0.8, 10.1.0.5, 10.2.0.3 and 11.1.0.6.0, of course, for win32 platform.

I'm not sure, which C compiler was used to compile Oracle 11.1.0.6.0 win32 (maybe Intel(R) C++ 9.1, which is used for 11.1.0.6.0 Linux), but it generate some strange things:

.text:0051FBF8 85 C0                             test    eax, eax
.text:0051FBFA 0F 84 8F 00 00 00                 jz      loc_51FC8F
.text:0051FC00 74 1D                             jz      short loc_51FC1F

(This code is from Oracle 11.1.0.6.0 Win32 CPUjul2008)

There're well-known parameters trace_level_server and trace_level_client in sqlnet.ora, which are defining debugging level of trace files.
A lot of network functions may call a special trace writer function which put passed information into trace file.
Usually, software developer with common sense makes trace writer function checking current debug level and let this tracer writer decide if to write any information to file. In this case his code is relatively clean and clear.

It is clever idea used in Oracle RDBMS, where, in complex memory control environment, there are a presence of different malloc()-like functions.
Major portion of these malloc()-like functions also have comment-parameter, where caller pass short human-readable parameter, describing, for what this memory will be used.
After that, at any point of program execution, it is possible to see statistics, what are major memory consumers.
Also, in case of memory leakage, it is possible to see, what memory were not freed.

I tried to use FPGA in quick search of original Oracle RDBMS account passwords extracting their hash values from database.
Relatively simple hashing algorithm used there, involving DES crypto algorithm.
I used three FPGA developer kits for this.