读取目录文件信息

Windows 目录文件由全局属性集合和每个文件属性集合组成，然后对这些属性集合进行数字签名并用于在安装过程中验证 Windows 驱动程序包。

要访问存储在

.cat

WinTrust.dll

bcrypt.dll

解析

.cat

//
// © 2023 by Igor Levicki. All Rights Reserved.
//
// License : MIT NO-AI
//
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software
// and associated documentation files (the “Software”), to deal in the Software without restriction,
// including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so.
//
// Permission is not granted to use this software or any of the associated files as sample data for the
// purposes of building machine learning models.
//
// THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
// WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

#include <Windows.h>
#include <mscat.h>
#include <WinTrust.h>
#include <mssip.h>

#pragma comment(lib, "wintrust.lib")
#pragma comment(lib, "bcrypt.lib")

int wmain(int argc, wchar_t *argv[])
{
    HCRYPTPROV hProv;

    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
        DWORD Error = GetLastError();
        if (Error == NTE_BAD_KEYSET) {
            if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
                return 1;
            }
        }
    }

    HANDLE hCat = CryptCATOpen(L"nv_disp.cat", CRYPTCAT_OPEN_EXISTING, hProv, CRYPTCAT_VERSION_1, 0);

    // Enumerate global catalog attributes (entries shown in General tab)
    CRYPTCATATTRIBUTE *pCatAttr = NULL;

    for (pCatAttr = CryptCATEnumerateCatAttr(hCat, pCatAttr); pCatAttr != NULL; pCatAttr = CryptCATEnumerateCatAttr(hCat, pCatAttr)) {
        // TODO: Do what you want with global attributes here
    }

    // Enumerate catalog members (entries shown in Security Catalog tab under Catalog Entries)
    CRYPTCATMEMBER *pMember = NULL;

    for (pMember = CryptCATEnumerateMember(hCat, pMember); pMember != NULL; pMember = CryptCATEnumerateMember(hCat, pMember)) {
        // Member ReferenceTag is essentially a hash (SHA1, SHA256, ...) of a catalog member
        wprintf(L"Reference Tag : %s\n", pMember->pwszReferenceTag);

        // EXAMPLE #1:
        // Get a specific attribute of a catalog member by name ("File" in this case represents filename)
        CRYPTCATATTRIBUTE *pFileAttr = CryptCATGetAttrInfo(hCat, pMember, L"File");
        // Get the filename
        wchar_t *FileName = (wchar_t*)pFileAttr->pbValue;

        // EXAMPLE #2:
        // Enumerate all attributes of a catalog member (entries shown in Security Catalog tab under Entry Details)
        CRYPTCATATTRIBUTE *pAttr = NULL;

        for (pAttr = CryptCATEnumerateAttr(hCat, pMember, pAttr); pAttr != NULL; pAttr = CryptCATEnumerateAttr(hCat, pMember, pAttr)) {
            // TODO: Do what you want with catalog member attributes here
        }
    }

    if (hCat != NULL) {
        CryptCATClose(hCat);
    }

    if (hProv != NULL) {
        CryptReleaseContext(hProv, 0);
    }
    
    return 0;
}