Microsoft Security Catalog format documentation and API samples

Posted 2024-08-08 05:05:47 | Word count 512 | Views 11 | Comments 0

I'm looking for any documentation on the API for working with Microsoft Security Catalogs, or in lieu of that, information on the file format so that I may write my own parser.

In short, I have some .cat files that I need to be able to work with. Looking at the file in a hex editor, they obviously have different regions, which are delimited somehow (looks like typical binary saved structs). I need to get certain information out of them, and ignore other information.

I could probably reverse engineer the format and parse out what I need, but I'd prefer to do that either through the Win32 API, or at least write my parser to be correct for the format, instead of just "able to do what I need it to do".

MSCAT32.DLL seems to be the significant one, but I'm not sure it has exports to do what I need... It's a bit cryptic (no pun intended).

Any information at all would be helpful.

Just to toss a few more keywords in here...

The MIME type is: application/vnd.ms-pki.seccat
The magic header bytes are: 30 80 09 06
The field delimiters in the file seem to be: EOT (04) and € (80)
A program that generates them is: MakeCat.exe

Comments (3)

我是男神闪亮亮 2024-08-15 05:05:47

Microsoft Security Catalogs are nothing more than binary files, coded in ASN.1 DER format. Inside the file is PKCS#7 signed data with additional fields for Microsoft specific stuff (coded with Microsoft OIDs).
A list of these OIDs can be found here: https://support.microsoft.com/en-us/kb/287547

If you want to decode ASN.1 DER, use for example this JavaScript based encoder: http://lapo.it/asn1js/

By the way: 30 80 09 06 is not the file magic, but means there is a constructive SEQUENCE with unknown length starting there. ASN.1 DER files do not have any magic, but start with a SEQUENCE (which is coded in DER as 0x30 in many cases).
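
Added example (not part of the original answer, and not a Microsoft API): a small Python reader for the outer ASN.1 headers of a PKCS#7 blob such as a .cat file. It reports whether the top-level SEQUENCE has a definite or an indefinite length and decodes the contentType OID, where 1.2.840.113549.1.7.2 is PKCS#7 signedData. The function names are hypothetical and the sample bytes are constructed, not taken from a real catalog.

```python
# Added example: read the first two ASN.1 headers of a PKCS#7 ContentInfo.

def read_header(buf, pos):
    """Return (tag, constructed, length, body_offset); length None = indefinite."""
    tag = buf[pos]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        return tag, bool(tag & 0x20), first, pos
    if first == 0x80:                     # indefinite form, closed later by 00 00
        if not tag & 0x20:
            raise ValueError("indefinite length on a primitive type")
        return tag, True, None, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if pos + n > len(buf):
        raise ValueError("truncated length")
    return tag, bool(tag & 0x20), int.from_bytes(buf[pos:pos + n], "big"), pos + n

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear = last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)         # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def content_type(buf):
    """Return (outer length or None if indefinite, contentType OID)."""
    tag, _, length, pos = read_header(buf, 0)
    if tag != 0x30:
        raise ValueError("does not start with a SEQUENCE")
    tag, _, oid_len, pos = read_header(buf, pos)
    if tag != 0x06 or oid_len is None or pos + oid_len > len(buf):
        raise ValueError("expected an OBJECT IDENTIFIER")
    return length, decode_oid(buf[pos:pos + oid_len])

# Constructed samples: the same ContentInfo start with an indefinite-length
# outer SEQUENCE (30 80) and with a definite long-form one (30 82 01 23).
SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
INDEFINITE = bytes.fromhex("3080") + SIGNED_DATA
DEFINITE = bytes.fromhex("30820123") + SIGNED_DATA
```

To try it on a real catalog, pass the first few dozen bytes of the file to `content_type`.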

明天过后 2024-08-15 05:05:47

Here is a definition of the wintrust calls that are used by makecat.
Look under Catalog Definition Functions, Catalog Functions, which are made up of certificate trust list (CTL): a predefined list of items that have been signed by a trusted entity. A CTL can be anything, such as a list of hashes of certificates, or a list of file names. All the items in the list are authenticated (approved) by the signing entity.

which in turn are composed of PKCS#7 blobs

痴意少年 2024-08-15 05:05:47

Hi, in order to build Windows Drivers completely on Linux (and other systems) I wrote a small C program that generates the cat file everywhere a C99 compiler is available. The project is OpenSource (GPL) and can be obtained from github:

https://github.com/LINBIT/generate-cat-file

To my knowledge it is now possible to build Windows Drivers completely with Open Source tools on Linux for the first time (without requiring a Windows machine) :)

Happy hacking,

  • Johannes