1) Removing and restoring xp_cmdshell
Statement to drop the extended stored procedure xp_cmdshell:
exec sp_dropextendedproc 'xp_cmdshell'
SQL statement to restore cmdshell:
EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'
Running the following in SQL Server Query Analyzer removes sa's xp_cmdshell permission:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_cmdshell]') and OBJECTPROPERTY(id, N'IsExtendedProc') = 1)
exec sp_dropextendedproc N'[dbo].[xp_cmdshell]'
GO
SQL 2000 is generally restored with the following statement:
EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'
SQL97 is restored with the following statement:
EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xpsql70.dll'
sp_addextendedproc 'xp_cmdshell','xpsql70.dll' (sql 7.0)
sp_addextendedproc 'xp_cmdshell','xplog70.dll' (sql 2000)
2) After extended stored procedures have been dropped, there is a very simple way to restore them:
Drop:
DROP PROCEDURE sp_addextendedproc
DROP PROCEDURE sp_OACreate
exec sp_dropextendedproc 'xp_cmdshell'
Restore:
dbcc addextendedproc ("sp_OACreate","odsole70.dll")
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
This restores them directly, regardless of whether sp_addextendedproc still exists.
-----------------------------
SQL statement to enable cmdshell:
EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'
Check whether the extended stored procedure exists:
Select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell'
A returned result of 1 means OK.
Restore xp_cmdshell:
Exec master.dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll';select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell'
A returned result of 1 means OK.
Otherwise, upload xplog70.dll:
Exec master.dbo.sp_addextendedproc 'xp_cmdshell','C:\WinNt\System32\xplog70.dll'
SQL statement to close off cmdshell:
sp_dropextendedproc "xp_cmdshell"
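
Because a dropped xp_cmdshell can be re-registered with either sp_addextendedproc or DBCC addextendedproc, dropping it is only useful if re-registration is also watched for. The following is an added Python example, not part of the original notes, that scans captured SQL statement text for the registration forms shown above and marks DLL names that differ from the ones this page gives. The sample statements are constructed; the function name, the result fields and the EXPECTED_DLLS table are assumptions made for this example.

```python
import re

# DLL names this page gives for each procedure (assumed baseline for review).
EXPECTED_DLLS = {
    "xp_cmdshell": {"xplog70.dll", "xpsql70.dll"},
    "sp_oacreate": {"odsole70.dll"},
}

ADD_RE = re.compile(r"""
    (?P<dbcc>\bdbcc\s+)?       # DBCC form works even if sp_addextendedproc was dropped
    (?:sp_)?addextendedproc
    \s*\(?\s*
    (?:@\w+\s*=\s*)?["'\[]?(?P<proc>\w+)["'\]]?
    \s*,\s*
    (?:@\w+\s*=\s*)?["'](?P<dll>[^"']+)["']
""", re.IGNORECASE | re.VERBOSE)

def find_registrations(statements):
    """Return one finding per extended-procedure registration seen."""
    findings = []
    for lineno, stmt in enumerate(statements, 1):
        for m in ADD_RE.finditer(stmt):
            proc, dll = m.group("proc"), m.group("dll")
            expected = EXPECTED_DLLS.get(proc.lower(), set())
            findings.append({
                "line": lineno,
                "proc": proc,
                "dll": dll,
                "via": "dbcc" if m.group("dbcc") else "proc",
                # True for unknown procedures and for explicit file paths.
                "unexpected_dll": dll.lower() not in expected,
            })
    return findings

# Constructed sample of statement text, e.g. exported from a SQL trace.
SAMPLE = [
    "EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'",
    "exec sp_dropextendedproc 'xp_cmdshell'",
    "DROP PROCEDURE sp_addextendedproc",
    'dbcc addextendedproc ("sp_OACreate","odsole70.dll")',
    "Select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell'",
    r"Exec master.dbo.sp_addextendedproc 'xp_cmdshell','C:\WinNt\System32\xplog70.dll'",
]

if __name__ == "__main__":
    for f in find_registrations(SAMPLE):
        print(f)
```

A registration that names an explicit file path, as in the last sample statement, is reported with unexpected_dll set so it can be compared against the DLL the server shipped with.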