Friday, August 9, 2013

Disabling Data Execution Prevention (DEP) for Windows 7 - Part I



This is a general research notes on the new way Date Execution Prevention (DEP) in Windows 7 systems prevents many of the old applications getting executed on the system (mostly memory address areas). There are various details that can be looked into for in-depth knowledge on this issue. Truly speaking this is tight and there is no such workaround except ROP gadgets (Return - Oriented Programming) that is more of ethical hacking than a workaround and is a subject in itself.
The problem which usually comes up with is more technical and is related to diverse factors.


Actual Exception from Visual Studio:
This actual exception comes up while instantiating the new Java Axbridge ActiveX object.
System.AccessViolationException was caught Message="Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
This followed up by NullReference exception as it failed to create the object.
Standalone Executable may come up with the following, though it points to the same:
System.Runtime.InteropServices.COMException (0x80040154):
Retrieving the COM class factory for component with CLSID {D824B185-AE3C-11D6-ABF5-00B0D07B8582} failed due to the following error: 80040154. 

Research Areas:
1) 32 bit/64 bit application compatibility on Windows 7 (64 bit) system.
2) Oracle Java JRE support for Windows 7 system (since Java axbridge components were used).
3) Microsoft .NET component supports for 64 bit systems.
4) The concepts related to PAE (Physical Address Extension) is worth mentioning.

This post is an accumulation of important points and references of various links, that helped resolving the actual problem.

What was tried that did not help:


It is more or less pointing to compatibility issue where all the following did not work in our case:
  • Recompilation in 32 bit mode (both client and server that includes the Java interoperability DLL).
  • We verified that DEP (Data Execution Prevention) which is by default turned ON for all applications in Windows 7 does not actually contribute to this. Trying to enlist the application as a DEP exception did not help as Windows 7 did not allow that.
  • Re registering the components in Windows 7 for 64 bit.
  • Force converted the DLL to 32 bit using Corflags.exe (did that today forgot to mention).
  • Dump file analysis.
  • We copied the same executable from the Windows 7 machine to the Windows XP machine and upon execution there was no execution.

There are various issues with AxBridge Java ActiveX DLL gets invoked from 64 bits machines. These were also investigated in details. I have kept this article brief and is a part of the development/troubleshooting process.
The next part of this article will be released soon that talks about an indepth analysis and the actual fix.


Wednesday, September 12, 2012

Unix: List Files Which Do Not Have A Particular Pattern In Filename

Many a times we want to list files which do not have a particular pattern in its file name.
Here are a few things you can do (Remember not to use ls -l here):

ls |grep -v bz2 -- file name has bz2 anywhere in the file name
ls |grep -v bz2$ -- file name ends with bz2
ls |grep -v ^bz2 -- file name starts with bz2
ls |grep -v .bz2. -- file name has bz2 in the middle
ls |grep ..bz2 -- file name has atleast 2 chars before bz2
ls |grep '\.bz2$' -- file name ends with .bz2 (\ to escape)
ls |grep "\.bz2$" -- file name ends with .bz2 ("or ' might matter with the shell being used)
ls |grep b.2 -- file name can have bz2 or bx2
ls |grep '\.b.2' -- file name can have .bz2 or .bx2
ls |grep "\.b.2" -- file name can have .bz2 or .bx2

Debug Methods Oracle (Coarse Grained Auditing)



Scenario
There are many times, where there was an issue in production and you did not have any idea how it happened. The following article will give you some direction. Please note there are many other ways too. Currently, I will just focus on a method I had used during a similar situation.

This error information is from the latest logs from Production said:
ORA-00001: unique constraint (TABLE_ABCD.SYS_C006189415) violated

      Now the constraints to troubleshoot the above scenario are:
  • You have limited access/privilege in production environment.
  • The above was due to a duplicate record that came in and your process tried to insert that duplicate data.
But what was that data that caused disruption? The answer could have been found out by using FlashBack Query feature from Oracle. This however is version specific. Let’s look into some other aspects of debugging.

Observation

  • There is no clue to the data that was being inserted at the time this exception was thrown.
  • Not much information either from any of the relevant log files about the metadata.
  • The respective process tables handle massive number of records which makes it further more   cumbersome to troubleshoot or pin point the culprit.
  • No bulletin or logs from front end either.


Other Debug Options
 In this scenario we have a few options to explore and figure out the corrupt data:
  • Putting ON our Application Debug option – Heavy On Performance & Resource (Not always helpful either)
  • Get the trace log files inspected by the DBA (if at all the relevant data is set to be captured) Complex, Heavy On Performance & Resource
  • There are other DBMS packages like DBMS_ERRLOG, DBMS_MONITOR, DBMS_RLS  etc. – Little More Coding and better with live capture instead of historical
  • Triggers to capture & hold the data. – Needs another table to be created to hold the bad data
  • There are some other ways as well not mentioned for now

A Simpler Option (for database issues)

Auditing, at Statement Level.
There are other variations to this as well like Object level, Privilege level, Fine Grained Auditing to increase the granularity of data captured.

PREREQUISITES: The system parameters, AUDIT_SYS_OPERATIONS are set to TRUE & AUDIT_TRAIL is set to DB_EXTENDED (This setting required to capture the SQL_BIND data).  Check V$PARAMETER view. Since by default there will be a certain level of auditing enabled for any database, luckily these settings might pre-exist. In case it doesn’t, enhanced privileges will be required to modify them.

SWITCH ON AUDIT (FOR THE TABLE ONLY):   
AUDIT INSERT, UPDATE ON <OWNER>.<TABLE_NAME>                                                                                                                                          
BY ACCESS – Can be BY SESSION as well                                                                                                                                               
WHENEVER NOT SUCCESSFUL;

CHECK RESULTS: Query the USER_AUDIT_TRAIL table and check the fields, SQL_BIND (the data of interest), SQL_TEXT (the query which caused the failure), ACTION and RETURN CODE (0 for Success)
e.g. select * from USER_AUDIT_TRAIL where owner = 'OWNER_NAME' and OBJ_NAME= 'TABLE_NAME';
The bound data from SQL_BIND column will provide the solution:
               
SWITCH OFF AUDIT:  NOAUDIT INSERT, UPDATE
                                                                                 ON <OWNER>.<TABLE_NAME>
                                                                                  WHENEVER NOT SUCCESSFUL;

NOTE: The above is also an instance where we made use of a minimal elevated privilege.

Refer to the following links for more details:

Saturday, June 25, 2011

Oracle Version


Requirement is simple; you want to retrieve/recover the Version Information of your currently installed Oracle Database. Let us discuss most of the ways of doing so in Oracle & SQL Server.
Here are some of the ways to get it:

1) DBA_REGISTRY (Table) 

     SELECT * FROM DBA_REGISTRY;

SELECT comp_id, comp_name, version, status, namespace, control FROM DBA_REGISTRY WHERE comp_name LIKE '%Oracle%' ORDER BY comp_name;

This will give you the db version along with all the other oracle components installed.
Here is the result:
COMP_ID
COMP_NAME
VERSION
STATUS
NAMESPACE
CONTROL
CATALOG
Oracle Database Catalog Views
9.1.0.3.0
VALID
SERVER
SYS
CATPROC
Oracle Database Packages and Types
9.1.0.3.0
INVALID
SERVER
SYS

2)      V$VERSION (View)

SELECT * FROM V$VERSION

This is the result:
BANNER
Oracle Database 9G Enterprise Edition Release 9.1.0.3.0 - 64bi
PL/SQL Release 9.1.0.3.0 - Production
NLSRTL Version 9.1.0.3.0 - Production






3)      DBMS_DB_VERSION.VERSION (Procedure)

In case you are using SQL Assistant from Oracle you need the Server output to be set.

SET SERVEROUTPUT ON
EXEC DBMS_OUTPUT.PUT_LINE (DBMS_DB_VERSION.VERSION);
EXEC DBMS_OUTPUT.PUT_LINE (DBMS_DB_VERSION.RELEASE);

In case you are using 3rd Party Vendors for SQL Assistant as Benthic Golden Software you can have an output like this:
Press F10 or select View à DBMS OUTPUT Window
Then run the above code by F7. You will have the DBMS_OUTPUT.PUT_LINE generated output in the following window:

The result of the above query will be as:


4)      DBMS_UTILITY.DB_VERSION (Function)
DECLARE
mydb_version       varchar2 (200);
mydb_compatibility varchar2 (200);
BEGIN
dbms_utility.db_version( mydb_version, mydb_compatibility );
dbms_output.put_line( mydb_version );
dbms_output.put_line( mydb_compatibility );
END;
Here is the result using Benthic Golden Software.
 5)      DATABASE_PROPERTIES (Table)

SELECT * FROM database_properties WHERE property_name LIKE '%RDBMS%';

Here is the result:
PROPERTY_NAME
PROPERTY_VALUE
DESCRIPTION
NLS_RDBMS_VERSION
9.2.0.3.0
RDBMS version for NLS parameters


SQL Server Version Information
1)     
            1) SERVERPROPERTY()
SELECT SERVERPROPERTY ('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')
GO

The result will be something like this:
10.0.1600.1
CTP
Developer Edition



SERVERPROPERTY can be used to extract other data as well including COLLATION, BUILD etc.
Refer to the following link for more details:

 2) @@VERSION
SELECT @@VERSION

The result will be something like this:
Microsoft SQL Server 2008 (SP1) - 10.0.2411.0 (X64)   Feb 21 2009
1:08:36   Copyright (c) 1988-2008 Microsoft Corporation Express
Edition (64-bit) on Windows NT 6.1 <X64> (Build 7600)






Refer to the following link for more details: