Ever wondered how Microsoft hid mssqlsystemresource in SQL server?
Well I did!...let’s put on our reversing hats and figure this out..
Ok so first of all what do we know? It’s hidden..it doesn’t show up in the object explorer or in sys.databases
So how does sql server come up with that list of databases to display in the object explorer?
Let’s run a trace to find out!
Ok so we see the object explorer gets a list of databases from master.sys.databases.
So how does master.sys.databases get a list of databases? And how does it manage to miss the mssqlsystemresource database?
To figure out what sys.databases is made of, we can look in the mssqlsystemresource database itself.
To look at the contents of mssqlsystemresource, we need to do the following:
1. Stop the SQL server service
2. Copy the mdf and ldf files from the binn directory to some other location
3. Attach these database files with a different name
Then!
Look at the source for the sys.databases view, you’ll notice the following restriction (line 97 –ish)
WHERE d.id < 0x7fff
While selecting from the sys.sysdbreg table (and others).
**note: 7fff = 32767
According to (http://msdn.microsoft.com/en-us/library/ms179503.aspx)
This table exists in the master database, and we need to be connected using DAC in order to view it.
Sure enough, the mssqlsystemresource table is registered with a database ID of 32767, which is why it does not show up in sys.databases, and therefore neither in object explorer.
and now we know!
