This is a mirror of official site: http://jasper-net.blogspot.com/

Intercepting .NET SQL queries at runtime

| Thursday, August 19, 2010
image016.jpg

SQL Server Management Studio has been designed for a very fast interaction of the Administrator and/or users with the SQL Server objects. We can see the objects by just clicking in the appropriate item, example to get the views or the users.

The purpose of this article is to show how with a quick knowledge of assembler language and pointers, the possibility to extract useful information without have the source code for any app. You can apply this article to show the queries in runtime for any .NET system. Reverse Engineering for fun. It can be applied also for Worker Processes on IIS for live debugging without Visual Studio.

Let Start. You will need a basic knowledge of .NET Debugging on Runtime Debugging like Windbg. For heuristic knowledge for .NET environments a natural way to execute commands is: SQLCommand Object, but we need to confirm this by looking if Management Studio process has instantiated this class. Let Start.

Steps

Open SQL Server Management Studio.
Login to SQL Server and execute some operations like view the objects or databases.
Open Windows debugger tool and attach the SQL Server Management Studio Process:

Once attached we can find a command line inside windows debugger.
There is a useful helper for debugging we can load this by using:

.loadby sos mscorwks

SOS windbg extensions allows to explore .NET objects at low level, based on the correct mscorwks.

Execute:

!dumpheap -type SqlCommand -stat

Dump .NET Heap for SqlCommand type (-type) and obtain an statistics of it (-stat).

Read more: Codeproject

Posted via email from .NET Info

0 comments: