mikesw Posted August 24, 2007 Posted August 24, 2007 I've extracted a Windows hotfix (doesn't matter which one). The extraction contains a .cat file.I'm trying to recreate the .cat file they made to see if it can be reproduced. Thus I rename the originalto something else. I also got the "makecat" and "signtool" from win2k3_r2_SDK software. (I had toinstall about 1 gig of software just to get these two files that are around 50k combined and then deletethe SDK).Here are the steps that I did.1). created my own ".cdf" file which includes the files I think they included. In my case two, the".inf" and ".ver" filenames that got extracted with the relative dir path as ".\". I didn't specifyany of the optional things in the ".cdf".2). Although I used my own tag names, it looks like the long hexidecimal number in the orginal.cat file after opening it, may be the md5 number of the file entered as the tag name in the ".cdf".3). So far each tag/file seems to get a thumbprint and thumbprint algorithm that matches the original.4). Next to sign it, I go to the "general" tab for the security catalog that I opened and select view signature. I then select under this "general" tab "view certifcate" which displays the "Windows Component publisher" certificate. And on this screen, I select "install certificate" which runs a wizard and I let it select the certificate store to use. I then go to the internet browser options selection, content tab and search around the various certificate stores for the one that matches mine and the expire date code. I then export it to a ".cer" file using either x.509 or the "DER"(?) one and name the file ".cer". I then run the "signtool signwizard /v" option and open the ".cer" file that contains the certificate I recently created. However, it then wants a "private key" which I don't have. Is there anyway around this so that I can sign the ".cat" file I'm using with the certificate MSoft used to create theirs? If I should get this working. I will open the ".cat" file and compare all the data to the original one to know if I reproduced theirs. So in the end, the digital signatures/keys should be an exact match to the original.Upon doing all this, I can modify the inf files and and repeat the process to create a .cat file to create myown customized MSoft certified hotfix.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now