March 22, 2010 at 4:03 am
Does anyone known a method of object tampering within SQL Server 2008?
The goal is to use an attached copy of mssqlsystemresource db and alter some system stored procedures, and then replace this database with the original one. This operation was possible in SQL 2005 (sample link: http://www.docstoc.com/docs/22658935/SQL-Server-Security)... and saved me many hours of work.
March 22, 2010 at 6:43 am
amandix (3/22/2010)
Does anyone known a method of object tampering within SQL Server 2008?The goal is to use an attached copy of mssqlsystemresource db and alter some system stored procedures, and then replace this database with the original one. This operation was possible in SQL 2005 (sample link: http://www.docstoc.com/docs/22658935/SQL-Server-Security)... and saved me many hours of work.
Looking at the link provided one of the first slides says, and I quote, "Covertly maintaining unauthorized access."
Are you asking how to hack SQL Server?
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
March 22, 2010 at 6:57 am
Even if such a thing is possible, by doing so you will completely lose all support from Microsoft. If you hack a system like that and then call customer support for help, they'll likely tell you to reinstall SQL before they will assist.
What are you trying to achieve here? What's the reason behind this request?
There is a reason the system objects are hidden and inaccessible. Fiddling with them can break SQL, break upgrades, cause you all sorts of problems down the line.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
March 22, 2010 at 7:16 am
I'm curious how this saved you "many hours of work".
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
March 22, 2010 at 7:43 am
OK, now i have to explain why...
I usually install on SQL Server systems Transactional Replication on databases. This is not for hack SQL Server!
Sample: there is a system stored stored procedure in mssqlsystemresource db that is called when gererating code for triggers and sps for the publisher side, named [sys].[sp_execresultset].
Altering this sp, i can modify the standard code that is generated by default.
Could you help finding a way to do this in SQL Server 2008?
March 22, 2010 at 7:44 am
OK, now i have to explain why...
I usually install on SQL Server systems Transactional Replication on databases. This is not for hack SQL Server!
Sample: there is a system stored stored procedure in mssqlsystemresource db that is called when gererating code for triggers and sps for the publisher side, named [sys].[sp_execresultset].
Altering this sp, i can modify the standard code that is generated by default.
Could you help finding a way to do this in SQL Server 2008?
March 22, 2010 at 7:47 am
Why? What's wrong with the standard code? What is it not doing that it should?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
March 22, 2010 at 8:48 am
I have increased code for doing so many thinks... but it's not the point.
The question is: is it possible to do it in SQL 2008, like it was in SQL 2005? can you find some information about it? where?
Can we modify system objects on SQL 2008?
March 22, 2010 at 11:06 am
amandix (3/22/2010)
I have increased code for doing so many thinks... but it's not the point.The question is: is it possible to do it in SQL 2008, like it was in SQL 2005? can you find some information about it? where?
Can we modify system objects on SQL 2008?
Just because you could doesn't mean you should. How about answering the questions you've been asked in a bit more detail?
March 22, 2010 at 11:46 am
So far as I know, SQL 2008 blocks modification of system procedures.
But you can usually get their definitions and create your own versions of them. Wouldn't that allow you to do what you need?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
March 22, 2010 at 3:37 pm
GSquared (3/22/2010)
So far as I know, SQL 2008 blocks modification of system procedures.But you can usually get their definitions and create your own versions of them. Wouldn't that allow you to do what you need?
Agreed with this and Lynne. If the proc contains what you need, modify it and save it as something different. But just because it can be done, doesn't necessarily mean that you should.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 22, 2010 at 4:46 pm
Thanks.
Here follows step by step (SQL 2005 solution):
1. Copy the mdf and ldf of mssqsystemresource and rename both with copy in the end “mssqsystemresource_copy.mdf” and “mssqsystemresource_copy.ldf”
2. Attach this new database as mssqsystemresource_copy on your instance of SQL Server 2008
3. Explore down to system stored procedures and select sp_execresultset, right click to modify to a new window
4. Run the script (you don’t have to change anything, because this is only to illustrate the error I’m getting)
Msg 208, Level 16, State 6, Procedure sp_execresultset, Line 1056
Invalid object name 'sys.sp_execresultset'.
5. In SQL Server 2005 the next step was to change this database with the original one… but in SQL Server 2008 the error above doesn’t apply the alter statement.
In this sample I’m trying to change just a copy of mssqlsystemresource…
March 22, 2010 at 5:19 pm
amandix (3/22/2010)
Thanks.Here follows step by step (SQL 2005 solution):
1. Copy the mdf and ldf of mssqsystemresource and rename both with copy in the end “mssqsystemresource_copy.mdf” and “mssqsystemresource_copy.ldf”
2. Attach this new database as mssqsystemresource_copy on your instance of SQL Server 2008
3. Explore down to system stored procedures and select sp_execresultset, right click to modify to a new window
4. Run the script (you don’t have to change anything, because this is only to illustrate the error I’m getting)
Msg 208, Level 16, State 6, Procedure sp_execresultset, Line 1056
Invalid object name 'sys.sp_execresultset'.
5. In SQL Server 2005 the next step was to change this database with the original one… but in SQL Server 2008 the error above doesn’t apply the alter statement.
In this sample I’m trying to change just a copy of mssqlsystemresource…
That is due to it still being a system protected object. You must save it as a different name.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 22, 2010 at 5:39 pm
Doing your suggestion, i can't move to step 5, because it didn’t change the original procedure and therefore when the system calls the sp, my changes would not be there…
But thanks any way.
March 22, 2010 at 5:45 pm
amandix (3/22/2010)
Doing your suggestion, i can't move to step 5, because it didn’t change the original procedure and therefore when the system calls the sp, my changes would not be there…But thanks any way.
If you change the system protected objects such as you are describing, you run the risk of voiding your product.
This protection in 2008 is by design - to protect the consumer and Microsoft.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 15 posts - 1 through 15 (of 20 total)
You must be logged in to reply to this topic. Login to reply