I need to know if somebody can read and save to oneself packages from my database, Oracle specifically. Can I prevent it?
I mostly worry about tools like "Export schema" of Toad. How can I know somebody didn't something like exporting my database structure?
Your question is slightly vague... are you the owner (DBA) of the Database? What version of Oracle is it? Are there other DBA's?
Anyway.
Since most users can only export their own schema by default and only DBA's and users specifically granted the EXP_FULL_DATABASE role will be allowed to export your schema. (Try to export somebody elses schema to see if you have privaleges to do this)
If you are the DBA you can make sure all other users don't have the EXP_FULL_DATABSE role. However, if there are other DBA's they will be able to export your schema.
See below for an explanation of how Import / Export works?
To use Export and Import, you must have the CREATE SESSION privilege on an Oracle database. This privilege belongs to the CONNECT role established during database creation.
To export tables owned by another user, you must have the EXP_FULL_DATABASE role enabled. This role is granted to all database administrators (DBAs).
If you do not have the system privileges contained in the EXP_FULL_DATABASE role, you cannot export objects contained in another user's schema. For example, you cannot export a table in another user's schema, even if you created a synonym for it.
Sorry it's a little vague but I hope it helps.
You want to obfuscate your code? Oracle calls it wrapping: http://www.comp.dit.ie/btierney/oracle11gdoc/appdev.111/b28370/wrap.htm
Oracle can log many things like who accesses the system, who executes certain packages and procedures, who accesses data etc. The facility is called Auditing or Fine Grained Auditing. Just have a look at the documentation for the AUDIT command.
Having said that, it needs to be turned on explicitly. So if it hasn't been turned on yet, then you won't find any audit information for the past.
For the future, it's probably easier to restrict the access rights of your users to prevent them from doing it than to identify all the functions and places that would require auditing.