[20210421]如何使用dumpsga轉儲sga.txt
[20210421]如何使用dumpsga轉儲sga.txt
--//oracle提供一個命令dumpsga轉儲sga資訊,注意別再生產系統亂用這些命令.
1.環境:
PORT_STRING VERSION BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx 11.2.0.4.0 Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
$ which dumpsga
/u01/app/oracle/product/11.2.0.4/dbhome_1/bin/dumpsga
$ dumpsga
DUMPSGA_DIR not set or is null. Exiting
--//首先需要設定DUMPSGA_DIR,並且該目錄需要足夠的磁碟空間,儲存sga映像,當然前提條件是資料庫必須啟動。
$ export DUMPSGA_DIR=/u01/tmp
$ dumpsga
--//這樣在/u01/tmp下生成一個目錄。
$ ls -l /u01/tmp/
total 3952332
drwxr-x--- 2 oracle oinstall 4096 2021-04-21 10:41:15 Apr_21_10:41:07_2021
--//在該目錄下生成一個包含執行dumpsga時間的目錄.該目錄下包括如下內容:
$ ls -l /u01/tmp/Apr_21_10\:41\:07_2021/
total 633464
-rw-rw---- 1 oracle oinstall 12582912 2021-04-21 10:41:07 60000000
-rw-rw---- 1 oracle oinstall 633339904 2021-04-21 10:41:08 60c00000
-rw-rw---- 1 oracle oinstall 2097152 2021-04-21 10:41:15 86800000
-rw-rw---- 1 oracle oinstall 1704 2021-04-21 10:41:15 diagmdata
$ ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x00000000 20840450 oracle 640 12582912 25
0x00000000 20873219 oracle 640 633339904 25
0xe8a8ec10 20905988 oracle 640 2097152 25
$ ps -ef | grep smo[n]
oracle 19820 1 0 10:32 ? 00:00:00 ora_smon_book
$ cat /proc/19820/maps | grep SYSV
60000000-60c00000 rw-s 00000000 00:0b 20840450 /SYSV00000000 (deleted)
60c00000-86800000 rw-s 00000000 00:0b 20873219 /SYSV00000000 (deleted)
86800000-86a00000 rw-s 00000000 00:0b 20905988 /SYSVe8a8ec10 (deleted)
--//正好3個共享記憶體段,dumpsga檔案命名時以共享記憶體段的開始地址來命名。
--//oracle還提供一個mapsga命令,不過我無法使用,注意對映前必須關閉資料庫。
--//我的理解這些都是一些駭客工具,實際上mapsga之類的命令如果能力強,自己也可以編寫並載入.
SYS@book> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
$ mapsga Apr_21_10\:41\:07_2021/
Oracle SGA Mapper
=================
ORACLE_HOME=/u01/app/oracle/product/11.2.0.4/dbhome_1
ORACLE_SID=book
DUMPSGA_DIR=/u01/tmp
Mapping SGA dump located in = /u01/tmp/Apr_21_10:41:07_2021/
Failed to remap SGA
Error = 17 File exists
--//我的測試報錯.
$ ipcs
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0xe8a8ec10 25853954 oracle 660 12582912 0
--//對比前面的輸出key=0x00000000,不知道不能載入成功問題在這裡.
------ Semaphore Arrays --------
key semid owner perms nsems
------ Message Queues --------
key msqid owner perms used-bytes messages
--//僅僅載入了第一個段,就報錯退出了,nattch=0說明沒有任何程式attach.先刪除載入的共享記憶體段,注意小心!!
$ ipcrm -m 25853954
--//再嘗試跟蹤看看:
$ strace mapsga Apr_21_10\:41\:07_2021/
execve("/u01/app/oracle/product/11.2.0.4/dbhome_1/bin/mapsga", ["mapsga", "Apr_21_10:41:07_2021/"], [/* 52 vars */]) = 0
brk(0) = 0x22d2000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb92ccfb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb92ccfa000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/tls/x86_64/libclntsh.so.11.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/tls/x86_64", 0x7fffaa47c9c0) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/tls/libclntsh.so.11.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/tls", 0x7fffaa47c9c0) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/x86_64/libclntsh.so.11.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/x86_64", 0x7fffaa47c9c0) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libclntsh.so.11.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\325G\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=53793394, ...}) = 0
mmap(NULL, 44471752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb92a290000
mprotect(0x7fb92c90e000, 2093056, PROT_NONE) = 0
mmap(0x7fb92cb0d000, 1855488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x267d000) = 0x7fb92cb0d000
mmap(0x7fb92ccd2000, 161224, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb92ccd2000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libnnz11.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\326\4\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=7996693, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb92a28f000
mmap(NULL, 3983936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb929ec2000
mprotect(0x7fb92a14c000, 1044480, PROT_NONE) = 0
mmap(0x7fb92a24b000, 270336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x289000) = 0x7fb92a24b000
mmap(0x7fb92a28d000, 6720, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb92a28d000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/tls/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/tls/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/tls", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/u01/app/oracle/product/11.2.0.4/dbhome_1/oracm/lib", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib/tls/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/tls/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/tls", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\252|G4\0\0\0"..., 832) = 832
close(3) = 0
stat("/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib/tls/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/tls/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/tls", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=36864, ...}) = 0
open("/usr/local/lib/tls/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/tls/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib64/x86_64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffaa47c960) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\200\2317\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=23360, ...}) = 0
mmap(0x3799800000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3799800000
mprotect(0x3799802000, 2097152, PROT_NONE) = 0
mmap(0x3799a02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3799a02000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20D}G4\0\0\0"..., 832) = 832
close(3) = 0
open("/usr/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\300\3122\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=614992, ...}) = 0
mmap(0x32cac00000, 2629816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x32cac00000
mprotect(0x32cac82000, 2093056, PROT_NONE) = 0
mmap(0x32cae81000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x32cae81000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p({G4\0\0\0"..., 832) = 832
close(3) = 0
open("/usr/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340W\0\2327\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=149968, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb929ec1000
mmap(0x379a000000, 2208624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x379a000000
mprotect(0x379a016000, 2097152, PROT_NONE) = 0
mmap(0x379a216000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x379a216000
mmap(0x379a218000, 13168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x379a218000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\361\34H4\0\0\0"..., 832) = 832
close(3) = 0
open("/usr/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240@@\2347\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=114352, ...}) = 0
mmap(0x379c400000, 2194096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x379c400000
mprotect(0x379c415000, 2093056, PROT_NONE) = 0
mmap(0x379c614000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x379c614000
mmap(0x379c616000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x379c616000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0PfG4\0\0\0"..., 832) = 832
close(3) = 0
open("/usr/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\332\1\2317\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1726320, ...}) = 0
mmap(0x3799000000, 3506520, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3799000000
mprotect(0x379914f000, 2097152, PROT_NONE) = 0
mmap(0x379934f000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14f000) = 0x379934f000
mmap(0x3799354000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3799354000
close(3) = 0
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/u01/app/oracle/product/11.2.0.4/dbhome_1/lib/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libaio.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\3\0\0004\0\0\0"..., 832) = 832
close(3) = 0
open("/usr/local/lib/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/x86_64/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fffaa47c760) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/x86_64/libaio.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7fffaa47c760) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libaio.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\5\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=3768, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb929ec0000
mmap(NULL, 2099744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb929cbf000
mprotect(0x7fb929cc0000, 2093056, PROT_NONE) = 0
mmap(0x7fb929ebf000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb929ebf000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb929cbe000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb929cbd000
arch_prctl(ARCH_SET_FS, 0x7fb929cbd6e0) = 0
mprotect(0x379934f000, 16384, PROT_READ) = 0
mprotect(0x379c614000, 4096, PROT_READ) = 0
mprotect(0x379a216000, 4096, PROT_READ) = 0
mprotect(0x32cae81000, 4096, PROT_READ) = 0
mprotect(0x3799a02000, 4096, PROT_READ) = 0
mprotect(0x3798e1c000, 4096, PROT_READ) = 0
set_tid_address(0x7fb929cbd770) = 20005
set_robust_list(0x7fb929cbd780, 0x18) = 0
futex(0x7fffaa47d51c, FUTEX_WAKE_PRIVATE, 1) = 0
rt_sigaction(SIGRTMIN, {0x379a0053c0, [], SA_RESTORER|SA_SIGINFO, 0x379a00eca0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x379a0052f0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x379a00eca0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb929cbc000
write(1, "Oracle SGA Mapper\n", 18Oracle SGA Mapper
) = 18
write(1, "=================\n", 18=================
) = 18
write(1, "ORACLE_HOME=/u01/app/oracle/prod"..., 54ORACLE_HOME=/u01/app/oracle/product/11.2.0.4/dbhome_1
) = 54
write(1, "ORACLE_SID=book\n", 16ORACLE_SID=book
) = 16
write(1, "DUMPSGA_DIR=/u01/tmp\n", 21DUMPSGA_DIR=/u01/tmp
) = 21
write(1, "Mapping SGA dump located in = /u"..., 61Mapping SGA dump located in = /u01/tmp/Apr_21_10:41:07_2021/
) = 61
brk(0) = 0x22d2000
brk(0x22f3000) = 0x22f3000
open("/u01/tmp/Apr_21_10:41:07_2021//diagmdata", O_RDWR|O_SYNC) = 3
read(3, "/u01/tmp/Apr_21_10:41:07_2021\0\0\0"..., 1560) = 1560
read(3, "\3\0\0\0\0\0\0\0\0\0\300\0\0\0\0\0\0\0\0\0\2\0>\1\0\0\300\0\0\0\0\0"..., 144) = 144
close(3) = 0
open("/u01/tmp/Apr_21_10:41:07_2021/60000000", O_RDWR|O_CREAT|O_SYNC, 0660) = 3
shmget(0xe8a8ec10, 12582912, IPC_CREAT|IPC_EXCL|SHM_HUGETLB|0) = 25886722
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//載入ok。按照前面的輸出
--//key=0x00000000
shmctl(25886722, IPC_STAT, 0x7fffaa47cb98) = -1 EACCES (Permission denied)
getuid() = 502
getgid() = 502
shmctl(25886722, IPC_SET, 0x7fffaa47cb98) = 0
shmat(25886722, 0x60000000, 0x180 /* SHM_??? */) = ?
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 12582912) = 12582912
close(3) = 0
open("/u01/tmp/Apr_21_10:41:07_2021/60c00000", O_RDWR|O_CREAT|O_SYNC, 0660) = 3
shmget(0xe8a8ec10, 633339904, IPC_CREAT|IPC_EXCL|SHM_HUGETLB|0) = -1 EEXIST (File exists)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//這裡存在錯誤,因為shmget第1個引數0xe8a8ec10,前面已經載入(注這是我的猜測)。
close(3) = 0
write(1, "Failed to remap SGA\n", 20Failed to remap SGA
) = 20
write(1, "Error = 17 File exists\n", 23Error = 17 File exists
) = 23
exit_group(0) = ?
--//也許在10g下可以透過,只要段定義足夠大,僅僅出現一個段,11g下被分成至少3個段。
--//不過有了這個sga映像還是能知道許多資訊,比如可以探查oracle的口令字串,透過下面的測試說明:
SYS@book> select * from user$ where name='SYSTEM'
2 @ prxx
==============================
USER# : 5
NAME : SYSTEM
TYPE# : 1
PASSWORD : 2D594E86F93B17A1
DATATS# : 0
TEMPTS# : 3
CTIME : 2013-08-24 11:37:40
PTIME : 2017-02-03 16:39:59
EXPTIME : 2016-08-24 11:45:42
LTIME : 2013-08-24 12:07:04
RESOURCE$ : 0
AUDIT$ :
DEFROLE : 1
DEFGRP# :
DEFGRP_SEQ# :
ASTATUS : 0
LCOUNT : 0
DEFSCHCLASS : DEFAULT_CONSUMER_GROUP
EXT_USERNAME :
SPARE1 : 0
SPARE2 :
SPARE3 :
SPARE4 : S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41
SPARE5 :
SPARE6 :
PL/SQL procedure successfully completed.
--//只要檢索DEFAULT_CONSUMER_GROUP 估計前面後面幾行就是口令的字串。
$ strings 60c00000 | grep -A10 SYSTEM | grep -A10 DEFAULT_CONSUMER_GROUP | grep "S:"| sort | uniq -c
9 >S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41l
3 >S:574F64CF334589628C7754569B8C88C0A2000C907997A2E079AD97B2B0E3l
1 >S:757313FFE2E6EF9A6335E271A6AC31A5183587AB5A50C8C99611A375F95El
1 >S:9D0352F4707B0EEF41811E091AF4731E609EDFDD80ABD412B06B2A257529
1 >S:D1C72E475ADEC14CC69D55A325D4D7C0B4373D0897DDF692B1467F53438Dl
--//結尾的字元是 l 對應ascii 6c,實際上是下一條記錄的flag.噢這個表在cluster上,我自己以前沒注意。
--//開頭的字元是 > 對應ascii 3e,表示字串長度.0x3e = 62,擷取
--//S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41 正好62個字元。
--//基本可以猜測口令的字串就是S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41,當然口令複雜破解需要一定
--//難度的,此處省略...
$ strings -td 60c00000 | grep -A10 SYSTEM | grep -A10 DEFAULT_CONSUMER_GROUP | grep "S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41l" | awk '{print $1}' | xargs -IQ bash -c "echo Q/8192| bc -l "
51844.40917968750000000000
51844.43017578125000000000
51844.45104980468750000000
51844.47204589843750000000
51844.49291992187500000000
51844.51391601562500000000
51844.53479003906250000000
51844.55578613281250000000
51844.57666015625000000000
--//注:我在後面使用bbed觀察時發生錯誤,應該對應的塊是51845,再此先做一個說明。
--//都在同一個塊出現,為什麼出現多次,因為我很少使用system登入,偶爾會出現輸錯口令的情況。比如輸入錯口令後LCOUNT增加:
SYS@book> select LCOUNT from user$ where name='SYSTEM';
LCOUNT
----------
0
$ rlsql -s -l system/aaaa
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
SYS@book> select LCOUNT from user$ where name='SYSTEM';
LCOUNT
----------
1
SYS@book> select dump(0,16) ,dump(1,16) from dual ;
DUMP(0,16) DUMP(1,16)
--------------- -----------------
Typ=2 Len=1: 80 Typ=2 Len=2: c1,2
--//LCOUNT欄位被修改,從0->1,oracle number編碼從80->c102,長度發生了變化。這樣oracle需要重新設定kdbr的指標。在一個塊裡出現多
--//次就正常了。
--//我透過bbed驗證出現問題,我開始以為是blocksize識別問題,實際上探查的塊應該是51845.
BBED> set filename '/u01/tmp/book/60c00000'
FILENAME /u01/tmp/book/60c00000
BBED> show all
FILE# 100
BLOCK# 51844
OFFSET 7612
DBA 0x1900ca84 (419482244 100,51844)
FILENAME /u01/tmp/book/60c00000
BIFILE bifile.bbd
LISTFILE /home/oracle/bbed/filelist.txt
BLOCKSIZE 512
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=>識別為512.
MODE Edit
EDIT Unrecoverable
IBASE Dec
OBASE Dec
WIDTH 300
COUNT 64
LOGFILE log.bbd
SPOOL Yes
BBED> set blocksize 8192
BLOCKSIZE 8192
BBED> set block 51844
BLOCK# 51844
BBED> x /rncncnnttttncnnnnnccnnncct *kdbr[5]
rowdata[242] @7612
------------
flag@7612: 0x2c (KDRHFL, KDRHFF, KDRHFH)
lock@7613: 0x00
cols@7614: 15
--//注:我這裡沒有意識到user$在cluser上。
col 0[2] @7615: 6
col 1[4] @7618: book
col 2[6] @7623: 1062280681
col 3[4] @7630: book
col 4[7] @7635: #########################################
col 5[6] @7643: 3631320093
col 6[0] @7650: *NULL*
col 7[0] @7651: *NULL*
col 8[0] @7652: *NULL*
col 9[0] @7653: *NULL*
col 10[0] @7654: *NULL*
col 11[0] @7655: *NULL*
col 12[0] @7656: *NULL*
col 13[0] @7657: *NULL*
col 14[2] @7658: 8
--//看到的資訊是不是對應的塊。
$ dd if=60c00000 of=51844.dd count=1 bs=8192 skip=51844 conv=notrunc
1+0 records in
1+0 records out
8192 bytes (8.2 kB) copied, 7.4208e-05 seconds, 110 MB/s
--//bebd觀察:
BBED> set filename '/u01/tmp/book/51844.dd'
FILENAME /u01/tmp/book/51844.dd
BBED> set blocksize 8192
BLOCKSIZE 8192
BBED> set block 1
BLOCK# 1
BBED> p kdbt
struct kdbt[0], 4 bytes @106
sb2 kdbtoffs @106 0
sb2 kdbtnrow @108 21
struct kdbt[1], 4 bytes @110
sb2 kdbtoffs @110 21
sb2 kdbtnrow @112 22
--//應該是cluster表,有2個表存在。21+6 = 27
BBED> x /rcncnnttttncnnnnnccnnncct *kdbr[27]
rowdata[0] @3244
----------
flag@3244: 0x6c (KDRHFL, KDRHFF, KDRHFH, KDRHFC)
lock@3245: 0x00
cols@3246: 22
ckix@3247: 5
col 0[6] @3248: SYSTEM
col 1[2] @3255: 1
col 2[16] @3258: 2D594E86F93B17A1
col 3[1] @3275: 0
col 4[2] @3277: 3
col 5[7] @3280: 2013-08-24 11:37:40
col 6[7] @3288: 2017-02-03 16:39:59
col 7[7] @3296: 2016-08-24 11:45:42
col 8[7] @3304: 2013-08-24 12:07:04
col 9[1] @3312: 0
col 10[0] @3314: *NULL*
col 11[2] @3315: 1
col 12[0] @3318: *NULL*
col 13[0] @3319: *NULL*
col 14[1] @3320: 0
col 15[1] @3322: 0
col 16[22] @3324: DEFAULT_CONSUMER_GROUP
col 17[0] @3347: *NULL*
col 18[1] @3348: 0
col 19[0] @3350: *NULL*
col 20[0] @3351: *NULL*
col 21[62] @3352: S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41
--//正好對應前面的顯示。噢也明白了我前面為什麼犯錯。應該在塊51845,自己搞錯了,寫的有點亂,不多這樣能記錄我當時的分析思考
--//過程以及錯誤。
--//補充說明實際上這個問題在於60c00000的第0塊無法識別為資料檔案的OS塊。這樣跟windows下使用bbed一樣,要探究的block要+1才行。
BBED> set filename '/u01/tmp/book/60c00000'
FILENAME /u01/tmp/book/60c00000
BBED> set blocksize 8192
BLOCKSIZE 8192
BBED> set block 51845
BLOCK# 51845
BBED> x /rcncnnttttncnnnnnccnnncct *kdbr[27]
rowdata[0] @3244
----------
flag@3244: 0x6c (KDRHFL, KDRHFF, KDRHFH, KDRHFC)
lock@3245: 0x00
cols@3246: 22
ckix@3247: 5
col 0[6] @3248: SYSTEM
col 1[2] @3255: 1
col 2[16] @3258: 2D594E86F93B17A1
col 3[1] @3275: 0
col 4[2] @3277: 3
col 5[7] @3280: 2013-08-24 11:37:40
col 6[7] @3288: 2017-02-03 16:39:59
col 7[7] @3296: 2016-08-24 11:45:42
col 8[7] @3304: 2013-08-24 12:07:04
col 9[1] @3312: 0
col 10[0] @3314: *NULL*
col 11[2] @3315: 1
col 12[0] @3318: *NULL*
col 13[0] @3319: *NULL*
col 14[1] @3320: 0
col 15[1] @3322: 0
col 16[22] @3324: DEFAULT_CONSUMER_GROUP
col 17[0] @3347: *NULL*
col 18[1] @3348: 0
col 19[0] @3350: *NULL*
col 20[0] @3351: *NULL*
col 21[62] @3352: S:1E9BC408B7D96D495E0098F1E70FAEB7065BC203B03049D487728443FB41
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/267265/viewspace-2769217/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 如何轉儲B*Tree索引的分枝結構(轉)索引
- Netflix如何使用bulldozer從資料倉儲批處理資料轉移到鍵值儲存?
- [轉]如何儲存Windows聚焦的鎖屏桌布Windows
- CAD如何使用旋轉命令
- MySQL儲存過程中如何使用ROLLBACKMySql儲存過程
- .Net Api 之如何使用Elasticsearch儲存文件APIElasticsearch
- [20210421]12c以上版本增加欄位與預設值.txt
- 使用mimipenguin實現從當前 Linux 使用者轉儲登入密碼NGUILinux密碼
- WordPress如何使用騰訊雲物件儲存COS儲存媒體庫附件物件
- Serverless 使用阿里雲OOS將http檔案轉存到物件儲存Server阿里HTTP物件
- 在 Linux 上如何得到一個段錯誤的核心轉儲Linux
- 如何將AI/ML與物件儲存結合使用AI物件
- Python資料儲存方式有幾種?如何使用?Python
- JAVA儲存過程(轉)Java儲存過程
- html轉image 儲存到zipHTML
- [20210421]分析會話佔用的共享記憶體段2.txt會話記憶體
- 如何使用macOS預覽批次轉換影像Mac
- 怎麼將錄音轉文字,錄音轉文字助手如何使用
- 自建Kubernetes叢集如何使用阿里雲CSI儲存元件阿里元件
- 如何加密傳輸和儲存使用者密碼加密密碼
- 轉轉倉儲自動化系統實踐
- 分散式儲存轉崗記分散式
- [20210507]分析library cache轉儲.txt
- SAP轉儲單全面總結
- 使用MITMProxy轉發請求到本地、儲存鑑權給本地請求MIT
- 如何透過 open-local 玩轉容器本地儲存? | 龍蜥技術
- 如何在對in操作使用變數繫結(轉)變數
- 如何使用Amazon S3儲存和檢索資料S3
- K8S中如何使用Glusterfs做持久化儲存?K8S持久化
- 如何使用表格儲存控制檯進行資料監控
- 如何把一個長連結轉短連結 短連結轉化器該如何使用
- SAP MM 使用兩個STO實現免關稅跨國公司間轉儲
- 分散式儲存glusterfs詳解【轉】分散式
- GlusterFS企業分散式儲存【轉】分散式
- [轉帖]OceanBase 儲存引擎詳解儲存引擎
- wsl遷移儲存位置(轉載)
- RAG實戰2-如何使用LlamaIndex儲存和讀取向量AIIndex
- Angular 如何為多個專案使用單一儲存倉庫Angular