CAT files

[Oleg_II]

Working on removing DTC and IIS components I found that some CAT files become obsolete. I may be wrong but registering these files take some time before installing devices. This is the only info I have by now:

CAT files found in SYSSETUP.INF:

[ProductCatalogsToInstall]
NT5INF.CAT - digital signature catalog file for hardware drivers included in source (?)
NT5.CAT - digital signature catalog file for core OS binaries? (can be deleted)
NT5PRTX.CAT - ? (can be deleted)
NT5IIS.CAT - IIS? (can be deleted)
MAPIMIG.CAT - ? (can be deleted)
CJIME.CAT - Japanese? (can be deleted)
DTCSETUP.CAT - DTC component (can be deleted)
FP4.CAT - FrontPage extentions? (can be deleted)
IMS.CAT - IIS (can be deleted)
MQEXCHNG.CAT - ? (can be deleted)
PHIME.CAT - Chinese Traditional (can be deleted)
PYIME.CAT - Chinese Simplified Pin Yin input (can be deleted)
SCRDBCAT.CAT - ? (can be deleted)
HPCRDP.CAT - ? (can be deleted)
MW770.CAT - digital signature for IBM MWave modem/sound card (can be deleted)
IASNT4.CAT - ? (can be deleted)
SP4.CAT - SP4.CAB related? (can be deleted)

Anybody knows what component they represent? And I found more then 50 CATs in my system (some of them for hotfixes).

Edited December 25, 2005 by Oleg_II

[fdv]

CATfile installation (AFAIK, CAT files are simply installed) does not in my findings take all that long. They are not registered, just dumped into a directory. If SFC is off, CAT checking / referencing is off.

I tried an install once without ANY and it bombed. I put back NT5INF.CAT, 1 and SP4 and it seemed to go okay but did not appreciably faster. What does take so long is the long list of DLLs in SYSSETUP.IN_. You know, Windows will attempt to register a file for up to 60 seconds and only then give up if it fails (not counting when it can't find a file).

BTW, the site linked to in Oleg_II's post has a post in it by someone who removes components after installation and he has occasionally shown up in the nLite forum. Although he was late to the party by several years, he wants Windows component removal to be his "own." He is anti-nLite and poormouths people like us in this forum for a variety of reasons (including alleging in some forums at one point that a certain prominent MSFN'er is a plagiarist -- hopefully he took all that down). I won't get into who he is or great details because I obey MSFN rules, but his info is misleading and I advise people to steer clear of him and his forums.

Edited December 14, 2005 by fdv

[Oleg_II]

FDV

I removed SP4.CAT. It seems to be related to SP4.CAB. I removed 7 CATs from this list and 3 from SVCPACK and Windows works (just installed it on a real computer). I also didn't noticed resonable speed increasing. But trying to get perfect installation without any files that are not needed and for learning purposes it was fun and I'll continue removing a couple more CATs to see how it'll go

As for installing... I don't know but these files have their own directory something like {F750E6C3-38EE-11D1-85E5-00C04FC295EE} with other files except CATs and in my case it takes about 5MB It's too much on my opinion for files that don't have any functionality.

My installation tooks only 16 minutes now. Only 2-3 minutes on copying files. Most time spent on installing devices. Maybe deleting a couple of files won't give a dramastic result but when about 3K files deleted (including drivers) it gives some results

And as I said before - the size is not everything but... I also stand for a "clean" and fast registry

[Oleg_II]

I found this in Unattended Windows Discussion & Support > Device Drivers

Bilou_Gateux:

Obtaining Digital Signatures for Windows Drivers

Driver Signing uses the existing Digital Signature cryptographic technology to store identifying information in a catalog file (*.cat, or CAT file). CAT files are stored in <Windir>\Catroot. This information identifies the driver as having passed testing by Windows Hardware Quality Labs (WHQL). No change is made to the driver binary itself. Instead, a CAT file is created for each driver package and the CAT file is signed with a Microsoft digital signature. The relationship between the driver package and its CAT file is referenced in the driver's INF file, and is maintained by the computer after the driver is installed.

INF File Changes

The digital signature is stored in a CAT file. The following modifications to INF files are required for IHVs/ISVs who want to obtain digital signature for their drivers:

In the [Version]section of the INF, the entry CatalogFile=<filename.cat> is added.

An entry for the CAT file in the [sourceDisksFiles] section is added. For example, an IHV submits a driver package to a WHQL that includes files named Sample.inf, Sample.drv, and Sample.txt.

If the package passes WHQL testing, WHQL will return the original Sample.inf, Sample.drv and Sample.txt with the addition of Sample.cat.

Very interesting information! So, if I want to delete CATs I should (better?) also delete CatalogFile entry in apropriate INF?

[fdv]

this is good info. i agree that if it's just wasted space, 5 megs is good to recover.

what about the driver checking setting?

DriverSigningPolicy=Ignore in WINNT.SIF? if that's off, are CAT entries in INF files not references?

anyone know?

also, there is no INF for SP4.CAB. what do you make of that?

okay here is another weird thing.

i keep a folder of all of the INF files, expanded, on my HDD so i can do fast searches without having to expand them all the time. i did a search for "CatalogFile" and only one hit came up... and it was commented out in the file.

<digs deeper>

okay. here is the list of CAT files from SYSSETUP.

NT5INF.CAT, 1

NT5.CAT

NT5PRTX.CAT

NT5IIS.CAT

MAPIMIG.CAT

CJIME.CAT

DTCSETUP.CAT

FP4.CAT

IMS.CAT

MQEXCHNG.CAT

PHIME.CAT

PYIME.CAT

SCRDBCAT.CAT

HPCRDP.CAT

MW770.CAT

IASNT4.CAT

SP4.CAT

just playing around, i took one, PYIME.CAT, and Googled. I got the following CLSID (thought I could have from the CAT directory, but anyway, stay with me here) I got F750E6C3-38EE-11D1-85E5-00C04FC295EE so i opened the registry and this was at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\

which i guess is known, probably, but i find no other use for this IME file on my system. so, what happens if i delete all of the keys under CertCheck? why is it that Trusted Root Certification Authorities was only accessable via IE? and if IE is gone... the DLLs like WINTRUST are still there, but i am wondering, are they junk without IE? or might they be used by something else?

i think it's time to find DEPENDS.EXE and see if any ofthe crypto DLLs are referenced in the kernel files like NTOSKRNL and others...

[Bilou_Gateux]

@fdv

All those cat files listed on syssetup.inf are used during install to check if base components are not hacked in source using Cryptographic service and SFC.

If you remove some Windows Components like FrontPage extensions (fp5ext.inf in Server 2003) using nLite or other method, you can probably remove the corresponding fp5.cat file and install your OS with File Protection disabled without errors. I haven't checked this myself. It may need to do some changes in layout.inf also.

You must probably keep only NT5.CAT NT5INF.CAT to install the core OS.

NT5.CAT is the digital signature catalog file for core OS binaries and

NT5INF.CAT is the digital signature catalog file for hardware drivers included in source (like nVidia display driver nv4_disp.inf)

When you install an OEM digitally signed driver like the latest WHQL nVidia display driver, the cat file is added in %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

If you set DriverSigningPolicy=Ignore in WINNT.SIF, you can bypass digital signature check during install and install the latest OEM nVidia non-WHQL driver beta for example. As stated on this KB article, you can use this setting to modify some Windows inf's to change behavior during install.

More detailled infos about cryptographic service

Late addition:

As i recall, mw770.cat is digital signature for IBM MWave modem/sound card hardware found on old Thinkpad laptops. It's probably a "just before release" addition in 2000 source and MSFT just add a single cat specific to this hardware rather than reissued a full nt5inf.cat. By removing the corresponding files (just like nLite does), you can remove cat file and binaries from both source and files referencing (txtsetup.sif, layout.inf, syssetup.inf...)

Edited December 21, 2005 by Bilou_Gateux

[Oleg_II]

Bilou_Gateux

When using FDV's files we already disable SFC.

I have not tried removing all CATs, only removed 7 of this list and Windows 2k is working on VirtualPC and on a real computer. And I also removed some files from CORELIST.INF - I got only one error registering ODBC when I removed this component. So I think the cryptographic service is disabled with FDV's files. And then we can delete all (or most) CATs?

FDV

Please be carefull with IME files I don't know for sure but they may be needed by user input. PYIME is for Simplified Chinese PinYin input method.

How it connected with IE? Don't know but I remember back when I was using Windows 98 I had to install third party software to unable Chinese characters input in documents. Then when IE5.5 (?) came out it became possible to specify Chinese Simplified input during upgrade and I could type Chinese characters in OE (don't remember about M$ Office at that time). Later a new M$ Office version came out and it has the ability to install IME too.

But maybe it's safe to delete these IMEs from the source. Maybe it's related to the MUI or user interface. I think that PinYin input method is installed from PYIME.EX_ from SOURCE\i386\LANG\CHS folder. Should try it.

Edited December 21, 2005 by Oleg_II

[Bilou_Gateux]

If you find all dependencies for Microsoft Global Input Method Editors (IMEs), you can probably remove those .cat files.

When i install MSFT Office, i always use customized method to turn off the speech recognition and handwriting recognition features in Office XP that can be configured in Control Panel, Regional and languages options in order not Office or Windows prompting me to install supplemental language support and i don't open web pages or docs written with these languages.

[Oleg_II]

I use FDV's fileset and can delete those CATs without worrying about IME's. As far as I understood with FDV's fileset CATs are not needed

But some of them like NT5INF.CAT and NT5.CAT should be tested for removing B)

Hmm...

FDV

Just a thought: if the cryptographic service is disabled we don't need its files? Or if we change SFC files later it could be enabled?

Edited December 21, 2005 by Oleg_II

[fdv]

i will do a VM test of disabling the crypto services.

i wonder if it will matter if i disable and then install software, or if i have software installed already and then disable it. i'll also look for a regkey to shut it off at installation and see what that does at some point.

more later.

[Oleg_II]

Sorry, my English

I meant: when we use your fileset we disable Windows File Protection. We discussed once that after installation we can change SFC.DLL to the original (say from BartPe or with other methods) and it will re-enable Windows File Protection. Will it?

And if we disable the cryptographic service through the Registry and even delete its files, will that influence re-enabling Windows File Protection when we chang SFC.DLL back to the original?

Or Windows File Protection is something different and independant from the cryptographic service?

[fdv]

when we use your fileset we disable Windows File Protection. We discussed once that after installation we can change SFC.DLL to the original (say from BartPe or with other methods) and it will re-enable Windows File Protection. Will it?

absolutely. it works primarily in conjunction with the protected files list in SFCFILES. i routinely do this on installs and it works perfectly.

And if we disable the cryptographic service through the Registry and even delete its files, will that influence re-enabling Windows File Protection when we chang SFC.DLL back to the original?

apparently it will not influcence SFC.

But here is what happens (supposedly!) when you disable the Crypto Services:

http://support.microsoft.com/default.aspx?...kb;EN-US;822798

what i can't figure out is that this service does not appear in my list so i guess i am not looking hard enough. i am attaching my auto services, where is it? i dont have it in my list at all by default (it is not in the inactive services either).

Or Windows File Protection is something different and independant from the cryptographic service?

i think so... SFC checks all the time to see if a file gets replaced. crypto services is called on when an installer wants to make sure a file is signed. once a file is installed, can you delete the CAT file? and leave crypto alone? i am going to rename my SP4.CAT right now and see what sort of things occur in the next few days.

Edited December 22, 2005 by fdv

[Oleg_II]

when we use your fileset we disable Windows File Protection. We discussed once that after installation we can change SFC.DLL to the original (say from BartPe or with other methods) and it will re-enable Windows File Protection. Will it?

absolutely. it works primarily in conjunction with the protected files list in SFCFILES. i routinely do this on installs and it works perfectly.

Sorry for asking this again but I'd like to confirm it one more time: are you replacing only one SFC.DLL? You don't replace SFCFILES.DLL, don't you?

what i can't figure out is that this service does not appear in my list so i guess i am not looking hard enough. i am attaching my auto services, where is it? i dont have it in my list at all by default (it is not in the inactive services either).

It's probably not exactly the service as a proccess running on the system. It's probably something like one time action under definit condition?

[fdv]

Sorry for asking this again but I'd like to confirm it one more time: are you replacing only one SFC.DLL? You don't replace SFCFILES.DLL, don't you?

i replace both, yes.

It's probably not exactly the service as a proccess running on the system. It's probably something like one time action under definit condition?

i guess this is correct. crypto only appears in the services in xp or higher, not in win2k. it is moderated by svchost though so i think... it's not possible to disable it completely.

From documentation:

The public key enabled applications and services. These are IIS, IPSec, smart card logon, EFS, Internet Explorer, Outlook, and Outlook Express. These components interact with each other, and they make use of the cryptographic security services. Some of them also perform key management. They are all standards-based and can interoperate with non-Microsoft entities. They obtain the keys or certificates they need from their own user's or host's store, Active Directory, and Exchange.

The thing is, how come there seems to be no crypto problems on an FDV install... my files eliminate IIS, smart card logon (IIRC, maybe not, I don't remember), IE, Outlook, and OE. IPSec and EFS are left alone I think.. right? well, anyway... I see that the way to adjust settings and import certificates is with IE. I have never had a problem and I haven't used IE in Windows 2000 since 2001.

when i double click on certmgr.msc, i get "the certificate stores could not be enumerated. the system cannot find the file specified." i click OK and the "certificates" box comes up, with nothing in it. selecting Action then Find Certificates results in the same error.

[Oleg_II]

So I removed all CAT files from SYSSETUP.INF but NT5INF.CAT - if I remove this one the installation complains that it can't find refferenced in SETUPAPI.DLL CAT file signed for OS binaries (?). Unfortunatelly I have not wrote down this but will in a couple of hours.

It means that catalogues are still installed with FDV's fileset.

Anybody can confirm about this CAT file in nLite? Does it install?