Ora BBED 0a

BBED (Block Browser Editor) is a tool for Oracle internal use, and it helps you to read and mani
pulate data at the Oracle Database block level. No need to say that it’s very powerful and also
extremely dangerous because you can corrupt data/header blocks. There’s an unofficial but very
comprehensive manual for BBED. It’s written by Graham Thornton. You can download it as PDF:
http://orafaq.com/papers/dissassembling_the_data_block.pdf
Before Oracle 11g, BBED object code is shipped but you need to compile it to be able to run it.
On 11g, the required files to compile BBED is not shipped. So you need to copy the following
files from an Oracle 10g home to Oracle 11g home:
$ORACLE_HOME/rdbms/lib/sbbdpt.o
$ORACLE_HOME/rdbms/lib/ssbbded.o
$ORACLE_HOME/rdbms/mesg/bbedus.msb
$ORACLE_HOME/rdbms/mesg/bbedus.msg
What will you do if you don’t have access to any Oracle 10g software home? As you know, Oracle
doesn’t provide link to download Oracle 10g anymore. You may open a service request and ask for
it, but there’s an easier way: You can get the required files by downloading the 10.2.0.5 patchset
from My Oracle Support. Download p8202632_10205_Linux-x86-64.zip, and then issue the
following commands (I assume that you have already set the oracle environment variables):
unzip -j p8202632_10205_Linux-x86-64.zip \
*/oracle.rdbms/10.2.0.5.0/1/DataFiles/filegroup48.1.1.jar -d /tmp
*/oracle.rdbms.util/10.2.0.5.0/1/DataFiles/filegroup6.1.1.jar -d /tmp
unzip -j /tmp/filegroup48.1.1.jar sbbdpt.o ssbbded.o -d /tmp
unzip -j /tmp/filegroup6.1.1.jar bbedus.ms* -d /tmp
cp /tmp/s*bd*.o $ORACLE_HOME/rdbms/lib
cp /tmp/bbedus.ms* $ORACLE_HOME/rdbms/mesg
*/oracle.rdbms/10.2.0.5.0/1/DataFiles/filegroup48.1.1.jar -d /tmp
*/oracle.rdbms.util/10.2.0.5.0/1/DataFiles/filegroup6.1.1.jar -d /tmp
unzip -j /tmp/filegroup48.1.1.jar sbbdpt.o ssbbded.o -d /tmp
unzip -j /tmp/filegroup6.1.1.jar bbedus.ms* -d /tmp
cp /tmp/s*bd*.o $ORACLE_HOME/rdbms/lib
cp /tmp/bbedus.ms* $ORACLE_HOME/rdbms/mesg
When the files are copied, you can compile bbed utility:
make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk \
BBED=$ORACLE_HOME/bin/bbed $ORACLE_HOME/bin/bbed
BBED tool will ask you password when you try to run it. It’s not hard to find if you can use GNU
debugger. You can even find it if you examine the strings in the file, but I see that it’s not a secret
and there are already websites telling the password so here it is: BLOCKEDIT
1.上传（sbbdpt.o ssbbded.o bbedus.msb，该三个文件拷贝 oracle 的 linux64 版本的）文件，

到如下代码展示的目录中
三个文件下载地址：linux10g_64_bbed.7z
SQL> select * from v$version where rownum=1;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
[oracle@DG lib]$ pwd

/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib
[oracle@DG lib]$ ls ssbbded.o sbbdpt.o
sbbdpt.o ssbbded.o
[oracle@DG lib]$ cd ../mesg/
[oracle@DG mesg]$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/mesg
[oracle@DG mesg]$ ls bbedus.msb
bbedus.msb
[oracle@DG mesg]$
2.执行如下命令：
[oracle@DG ~]$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk BBED=$ORACLE_HO
ME/bin/bbed $ORACLE_HOME/bin/bbed
以下为执行命令后默认输出的
Linking BBED utility (bbed)
rm -f /u01/app/oracle/product/11.2.0/dbhome_1/bin/bbed
gcc -o /u01/app/oracle/product/11.2.0/dbhome_1/bin/bbed -m64
-L/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib/
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib/stubs/
/u01/app/oracle/product/11.2.0/dbhome_1/lib/s0main.o
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/ssbbded.o
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/sbbdpt.o `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11
-ldbtools11 -lclntsh `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11
-lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags`
-lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lztkg11 -lztkg11 -lclient11 -lnnetd11
-lvsn11 -lcommon11 -lgeneric11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11
-lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11
-lnro11 `cat /u01/app/oracle/product/11.2.0/dbhome_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11
-ln11 -lnl11 -lclient11 -lnnetd11 -lvsn11 -lcommon11 -lgeneric11 -lsnls11 -lnls11 -lcore11
-lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11
-lclient11 -lnnetd11 -lvsn11 -lcommon11 -lgeneric11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11
-lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/sysliblist` -Wl,-
rpath,/u01/app/oracle/product/11.2.0/dbhome_1/lib -lm `cat
/u01/app/oracle/product/11.2.0/dbhome_1/lib/sysliblist` -ldl -lm
-L/u01/app/oracle/product/11.2.0/dbhome_1/lib
3.登录，默认密码 blockedit，出现如下提示符安装成功
[oracle@DG ~]$ bbed
Password:
BBED: Release 2.0.0.0.0 - Limited Production on Sat Sep 8 15:29:28 2012
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
************* !!! For Oracle Internal Use only !!! ***************
BBED> show all

FILE# 0
BLOCK# 1
OFFSET 0
DBA 0x00000000 (0 0,1)
FILENAME
BIFILE bifile.bbd
LISTFILE
BLOCKSIZE 8192
MODE Browse
EDIT Unrecoverable
IBASE Dec
OBASE Dec
WIDTH 80
COUNT 512
LOGFILE log.bbd
SPOOL No
Example#1-Changing Data
SQL> conn scott/tiger

Connected.
SQL> select * from presidents;
NAME START_YEAR END_YEAR

-------------------- ---------- ----------
Dwight Eisnehower 1953 1961
Jonh Kennedy 1961 1963
SQL> select rowid from presidents where name = 'Dwight Eisnehower';
ROWID
------------------
AAASTyAAEAAAAivAAA
create or replace function get_rowid(l_rowid in varchar2) return varchar2 is

ls_my_rowid varchar2(200);
rowid_type number;
object_number number;
relative_fno number;
block_number number;
row_number number;
begin
dbms_rowid.rowid_info(l_rowid,
rowid_type,
object_number,
relative_fno,
block_number,
row_number);
ls_my_rowid := 'Row_id type is :' || to_char(rowid_type) || chr(10) ||
'Object# is :' || to_char(object_number) || chr(10) ||
'Relative_fno is :' || to_char(relative_fno) || chr(10) ||
'Block number is :' || to_char(block_number) || chr(10) ||
'Row number is :' || to_char(row_number);
return ls_my_rowid;
end;
SQL> select get_rowid('AAASTyAAEAAAAivAAA') row_id from dual;
ROW_ID
------------------------------------------------------------
Row_id type is :1
Object# is :74994
Relative_fno is :4
Block number is :2223
Row number is :0
[oracle@DG ~]$ bbed parfile=bbed.par
Password:
BBED> set dba 4,2223
DBA 0x010008af (16779439 4,2223)
BBED> find /c Dwight

File: /u01/app/oracle/oradata/oracle/users01.dbf (4)
Block: 2223 Offsets: 8161 to 8191 Dba:0x010008af
------------------------------------------------------------------------
44776967 68742045 69736e65 686f7765 72043139 35330431 39363101 0611d9
<32 bytes per line>

BBED> dump /v dba 4,2223 offset 8161 count 64
-------------------------------------------------------
44776967 68742045 69736e65 686f7765 l Dwight Eisnehowe
72043139 35330431 39363101 0611d9 l r.1953.1961...ù
<16 bytes per line>
BBED> modify /c Eisn dba 4,2223 offset 8161

Warning: contents of previous BIFILE will be lost. Proceed? (Y/N) y
------------------------------------------------------------------------
4569736e 68742045 69736e65 686f7765 72043139 35330431 39363101 0611d9
<32 bytes per line>
BBED> dump /v dba 4,2223 offset 8161 count 64

-------------------------------------------------------
4569736e 68742045 69736e65 686f7765 l Eisnht Eisnehowe
72043139 35330431 39363101 0611d9 l r.1953.1961...ù
<16 bytes per line>
BBED> sum dba 4,2223

Check value for File 4, Block 2223:
current = 0xcf83, required = 0xd494
BBED> sum dba 4,2223 apply

current = 0xd494, required = 0xd494
BBED> exit
SQL> alter system flush buffer_cache;

System altered.
Connected.
-------------------- ---------- ----------
Eisnht Eisnehower 1953 1961
备注：Dwight 被 Eisn 替换是按照顺序进行的且字节数一致，替换后为 Eisnht，如果 ht 也提

替换可以空格补充。
Example#2-Recovering Deleted Rows

删除一条记录
-------------------- ---------- ----------
Richard Nixon 1969 1974
SQL> delete from presidents where name = 'Richard Nixon';

1 row deleted.
SQL> commit;
Commit complete.

-------------------- ---------- ----------
根据段名查询相关信息，并 dump 数据块
SQL> select HEADER_FILE,HEADER_BLOCK,BLOCKS from dba_segments where SEGM

ENT_NAME = 'PRESIDENTS';
HEADER_FILE HEADER_BLOCK BLOCKS
----------- ------------ ----------
4 2218 8
SQL> alter system dump datafile 4 block min 2218 block max 2225;
System altered.
SQL> oradebug setmypid;

Statement processed.
SQL> oradebug tracefile_name;
/u01/app/oracle/diag/rdbms/oracle/oracle/trace/oracle_ora_3381.trc
查看 trace 文件，这里我 dump 了 8 个块，这里稍微解释下“--H-FL--”（数据块属性）=

Row Flag=32+8+4=44=0x2c ， “ --HDFL--” （删除数据块属性） = Row
Flag=32+16+8+4=60=0x3c
.....省略.....
block_row_dump:
tab 0, row 0, @0x1f79
tl: 31 fb: --H-FL-- lb: 0x0 cc: 3
col 0: [17] 45 69 73 6e 68 74 20 45 69 73 6e 65 68 6f 77 65 72
col 1: [ 4] 31 39 35 33
col 2: [ 4] 31 39 36 31
tab 0, row 1, @0x1f5f
tl: 26 fb: --H-FL-- lb: 0x0 cc: 3
col 0: [12] 4a 6f 6e 68 20 4b 65 6e 6e 65 64 79
col 1: [ 4] 31 39 36 31
col 2: [ 4] 31 39 36 33
tab 0, row 2, @0x1f44
tl: 27 fb: --HDFL-- lb: 0x1 cc: 3
col 0: [13] 52 69 63 68 61 72 64 20 4e 69 78 6f 6e
col 1: [ 4] 31 39 36 39
col 2: [ 4] 31 39 37 34
end_of_block_dump
.....省略.....
定位数据块
BBED> set dba 4,2218 offset 0
DBA 0x010008aa (16779434 4,2218)
OFFSET 0
查找被删除数据
BBED> find /c Nixon
BBED-00212: search string not found
DBA 0x010008ab (16779435 4,2219)
OFFSET 0
BBED> find /c Nixon


DBA 0x010008ac (16779436 4,2220)
OFFSET 0
BBED> find /c Nixon


DBA 0x010008ad (16779437 4,2221)
OFFSET 0
BBED> find /c Nixon


DBA 0x010008ae (16779438 4,2222)
OFFSET 0
BBED> find /c Nixon


DBA 0x010008af (16779439 4,2223)
OFFSET 0
BBED> find /c Nixon

------------------------------------------------------------------------
4e69786f 6e043139 36390431 3937342c 00030c4a 6f6e6820 4b656e6e 65647904
31393631 04313936 332c0003 11456973 6e687420 4569736e 65686f77 65720431
39353304 31393631 0206d148
<32 bytes per line>
dump 数据块内容
BBED> d /v dba 4,2223 offset 8116
-------------------------------------------------------
4e69786f 6e043139 36390431 3937342c l Nixon.1969.1974,
00030c4a 6f6e6820 4b656e6e 65647904 l ...Jonh Kennedy.
31393631 04313936 332c0003 11456973 l 1961.1963,...Eis
6e687420 4569736e 65686f77 65720431 l nht Eisnehower.1
39353304 31393631 0206d148 l 953.1961..?H
<16 bytes per line>
根据下面内容可以得出：一个偏移量两个字节，而“4e69786f”是 8 个字节，所以一次想
跳 8 个字节，offset 一次偏移 4
-------------------------------------------------------
4e69786f 6e043139 36390431 3937342c l Nixon.1969.1974,
00030c4a 6f6e6820 4b656e6e 65647904 l ...Jonh Kennedy.
31393631 04313936 332c0003 11456973 l 1961.1963,...Eis
6e687420 4569736e 65686f77 65720431 l nht Eisnehower.1
39353304 31393631 0206d148 l 953.1961..?H
<16 bytes per line>

-------------------------------------------------------
204e6978 6f6e0431 39363904 31393734 l Nixon.1969.1974
2c00030c 4a6f6e68 204b656e 6e656479 l ,...Jonh Kennedy
04313936 31043139 36332c00 03114569 l .1961.1963,...Ei
736e6874 20456973 6e65686f 77657204 l snht Eisnehower.
31393533 04313936 310206d1 48 l 1953.1961..?H
<16 bytes per line>
找到块头
-------------------------------------------------------
3c02030d 52696368 61726420 4e69786f l <...Richard Nixo
6e043139 36390431 3937342c 00030c4a l n.1969.1974,...J
6f6e6820 4b656e6e 65647904 31393631 l onh Kennedy.1961
04313936 332c0003 11456973 6e687420 l .1963,...Eisnht
4569736e 65686f77 65720431 39353304 l Eisnehower.1953.
31393631 0206d148 l 1961..?H
<16 bytes per line>
再次确认被删除数据位置
BBED> p kdbr
sb2 kdbr[0] @118 8057
sb2 kdbr[1] @120 8031
sb2 kdbr[2] @122 8004
BBED> p *kdbr[0]
rowdata[53]
-----------
ub1 rowdata[53] @8157 0x2c
BBED> p *kdbr[1]
rowdata[27]
-----------
BBED> p *kdbr[2]
rowdata[0]
----------
恢复删除数据
BBED> modify /x 2c offset 8104
Warning: contents of previous BIFILE will be lost. Proceed? (Y/N) y
------------------------------------------------------------------------
2c02030d 52696368 61726420 4e69786f 6e043139 36390431 3937342c 00030c4a
6f6e6820 4b656e6e 65647904 31393631 04313936 332c0003 11456973 6e687420
4569736e 65686f77 65720431 39353304 31393631 0206d148
<32 bytes per line>
生效恢复
BBED> sum dba 4,2223
current = 0xcfd0, required = 0xcfc0
BBED> sum dba 4,2223 apply

current = 0xcfc0, required = 0xcfc0
再次 dump 数据块确认成功
-------------------------------------------------------
2c02030d 52696368 61726420 4e69786f l ,...Richard Nixo
6e043139 36390431 3937342c 00030c4a l n.1969.1974,...J
6f6e6820 4b656e6e 65647904 31393631 l onh Kennedy.1961
04313936 332c0003 11456973 6e687420 l .1963,...Eisnht
4569736e 65686f77 65720431 39353304 l Eisnehower.1953.
31393631 0206d148 l 1961..?H
<16 bytes per line>

---------------------
查询表，数据成功恢复
SQL> alter system flush buffer_cache;
System altered.

Connected.

-------------------- ---------- ----------
Richard Nixon 1969 1974

Ora BBED 0a

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ora BBED 0a

Uploaded by

Copyright:

Available Formats

BBED (Block Browser Editor) is a tool for Oracle internal use, and it helps you to read and mani

1.上传（sbbdpt.o ssbbded.o bbedus.msb，该三个文件拷贝 oracle 的 linux64 版本的）文件，

[oracle@DG lib]$ pwd

BBED> show all

SQL> conn scott/tiger

NAME START_YEAR END_YEAR

SQL> select rowid from presidents where name = 'Dwight Eisnehower';

create or replace function get_rowid(l_rowid in varchar2) return varchar2 is

SQL> select get_rowid('AAASTyAAEAAAAivAAA') row_id from dual;

BBED> find /c Dwight

<32 bytes per line>

<16 bytes per line>

BBED> modify /c Eisn dba 4,2223 offset 8161

<32 bytes per line>

BBED> dump /v dba 4,2223 offset 8161 count 64

<16 bytes per line>

BBED> sum dba 4,2223

BBED> sum dba 4,2223 apply

SQL> alter system flush buffer_cache;

备注：Dwight 被 Eisn 替换是按照顺序进行的且字节数一致，替换后为 Eisnht，如果 ht 也提

Example#2-Recovering Deleted Rows

SQL> delete from presidents where name = 'Richard Nixon';

SQL> select * from presidents;

SQL> select HEADER_FILE,HEADER_BLOCK,BLOCKS from dba_segments where SEGM

SQL> oradebug setmypid;

查看 trace 文件，这里我 dump 了 8 个块，这里稍微解释下“--H-FL--”（数据块属性）=

BBED> find /c Nixon

BBED> set dba 4,2220 offset 0

BBED> find /c Nixon

BBED> set dba 4,2221 offset 0

BBED> find /c Nixon

BBED> set dba 4,2222 offset 0

BBED> find /c Nixon

BBED> set dba 4,2223 offset 0

BBED> find /c Nixon

<32 bytes per line>

<16 bytes per line>

<16 bytes per line>

BBED> d /v dba 4,2223 offset 8115

<16 bytes per line>

<16 bytes per line>

<32 bytes per line>

BBED> sum dba 4,2223 apply

<16 bytes per line>

SQL> conn scott/tiger

NAME START_YEAR END_YEAR

You might also like