Hi

Most tools have licences that state you should not reverse engineer etc
so i would guess you are breaching IP. If you are not then there are a
few options. If on Unix use truss or similar, truss allows tracing of
library calls into shared libraries besides system calls so you should
see entries to all OCI calls. There are windoz equivalents but they are
not as good, if you have money then use softice or if not use gdb. 

You could create a wrapper or thin interface for all OCI calls where
your call calls the real OCI function. Then make sure your library is
loaded for the tool. If i remember there was a discussion on similar
lines on the Oracle server newsgroup recently where someone wanted to
see what SQL a generated application was sending to the server. 

If you just want to see SQL and not exactly the OCI calls then you could
use SQLNet trace SUPPORT level and trcasst might be of some use in
formatting the trace files. Or use snoop on Unix and pull out the SQL
etc from the packets.

hth

kind regards

Pete

-- 
Pete Finnigan
email:[EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Pete Finnigan
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Reply via email to