9.5. ORACLE RDBMS: .SYM-FILES
We will mark the OSYM signatures and strings here:
Figure 9.23:OSYM signature and text stringsWell, let’s see. In Hiew, we will mark the whole strings block (except the trailing OSYM signatures) and
put it into a separate file. Then we run UNIXstringsandwcutilities to count the text strings:
strings strings_block | wc -l
66
So there are 66 text strings. Please note that number.
We can say, in general, as a rule, the number ofanythingis often stored separately in binary files.
It’s indeed so, we can find the 66 value (0x42) at the file’s start, right after the OSYM signature:
$ hexdump -C orawtc8.sym
00000000 4f 53 59 4d 42 00 00 00 00 10 00 10 80 10 00 10 |OSYMB...........|
00000010 f0 10 00 10 50 11 00 10 60 11 00 10 c0 11 00 10 |....P..........| 00000020 d0 11 00 10 70 13 00 10 40 15 00 10 50 15 00 10 |[email protected]...| 00000030 60 15 00 10 80 15 00 10 a0 15 00 10 a6 15 00 10 |...............|
....
Of course, 0x42 here is not a byte, but most likely a 32-bit value packed as little-endian, hence we see
0x42 and then at least 3 zero bytes.
Why do we believe it’s 32-bit? Because, Oracle RDBMS’s symbol files may be pretty big.
The oracle.sym file for the main oracle.exe (version 10.2.0.4) executable contains0x3A38E(238478) sym-
bols. A 16-bit value isn’t enough here.
We can check other .SYM files like this and it proves our guess: the value after the 32-bit OSYM signature
always reflects the number of text strings in the file.