
Internals : How does CryptCATAdminEnumCatalogFromHash() work?

Author: raman
Subject: How does CryptCATAdminEnumCatalogFromHash() work?
Posted: 06 May 2014 at 8:07pm

I have a need to find the system CAT file for any given executable on a Windows OS computer image (not a live running system).

I need to manually do whatever CryptCATAdminEnumCatalogFromHash() does to find the catalog file name, given the hash for the executable.

Does anybody know where this mapping of hash to .CAT file is maintained?

(I know that the .cat files are found in %windir%/system32/catroot, and one of them would have the hash I need, but I'm looking for a more efficient way than parsing all of those .CAT files, which may run into several hundred to a few thousand.)

Related question: does anybody have any pointers to the format/structure of the .CAT files?

Thanks for your help!
