{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 冷血范 的问题《Microsoft Security Catalog Format Documentation an》','https://www.manongdao.com/q-1249141.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm looking for any documentation on the API for working with Microsoft Security Catalogs, or in lieu of that, information on the file format so that I may write my own parser.
In short, I have some .cat files that I need to be able to work with. Looking at the file in a hex editor, they obviously have different regions, which are delimited somehow (looks like typical binary saved structs). I need to get certain information out of them, and ignore other information.
I could probably reverse engineer the format and parse out what I need, but I'd prefer to do that either through the Win32 API, or at least write my parser to be correct for the format, instead of just "able to do what I need it to do".
MSCAT32.DLL seems to be the signficant one, but I'm not sure it has exports to do what I need... It's a bit cryptic (no pun intended).
Any information at all would be helpful.
Just to toss a few more keywords in here...
The MIME type is: application/vnd.ms-pki.seccat The magic header bytes are: 30 80 09 06 The field delimiters in the file seem to be: EOT (04) and € (80) A program that generates them is: MakeCat.exe
Microsoft Security Catalogs are nothing more than binary files, coded in ASN.1 DER format. Inside the file is PKCS#7 signed data with additional fields for Microsoft specific stuff (coded with Microsoft OIDs). A list of these OIDs can be found here: https://support.microsoft.com/en-us/kb/287547
If you want to decode ASN.1 DER, use for example this JavaScript based encoder: http://lapo.it/asn1js/
By the way:
30 80 09 06is not the file magic, but means there is a constructiveSEQUENCEwith unknown length starting there. ASN.1 DER Files do not have any magic, but start with aSEQUENCE(which is coded in DER as0x30in many cases.Here is a definition of the wintrust calls that are used by makecat Look under Catalog Definition Functions Catalog Functions which are made up of certificate trust list (CTL) A predefined list of items that have been signed by a trusted entity. A CTL can be anything, such as a list of hashes of certificates, or a list of file names. All the items in the list are authenticated (approved) by the signing entity.
which in turn are composed on pkcs#7 blobs