public static extern bool CryptCATCatalogInfoFromContext(int CatInfoHandle,
ref CATALOG_INFO CatInfo, int Flags);
private static extern bool CryptCATCatalogInfoFromContext(
IntPtr hCatInfo,
ref CATALOG_INFO psCatInfo,
UInt32 dwFlags);
public static extern bool CryptCATCatalogInfoFromContext(int CatInfoHandle,
ref CATALOG_INFO CatInfo, int Flags);
private static unsafe KeyValuePair <bool, string> CheckForCatalog()
{
//Obtain a file handle to the source file
FileStream fs = null;
try
{
fs = new FileStream(fromFile, FileMode.Open, FileAccess.Read);
}
catch (Exception e)
{
return(new KeyValuePair <bool, string>(false, e.ToString()));
}
IntPtr fHandle = fs.SafeFileHandle.DangerousGetHandle();
IntPtr hCatInfo = new IntPtr();
IntPtr hCatAdminSha256 = new IntPtr();
IntPtr hCatAdminSha1 = new IntPtr();
int lastError = 0;
Dictionary <string, object> hash256 = new Dictionary <string, object>();
Dictionary <string, object> hash1 = new Dictionary <string, object>();
bool success = false;
//Get the catalog context
GCHandle drvActionVerifyGC = GCHandle.Alloc(DRIVER_ACTION_VERIFY.ToByteArray(), GCHandleType.Pinned);
IntPtr drvActionVerifyPtr = drvActionVerifyGC.AddrOfPinnedObject();
try
{
//Call Acquire context for SHA256 and SHA1
success = CryptCATAdminAcquireContext2(ref hCatAdminSha256, drvActionVerifyPtr, "SHA256", IntPtr.Zero, 0);
if (!success)
{
return(new KeyValuePair <bool, string>(false, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
success = CryptCATAdminAcquireContext2(ref hCatAdminSha1, drvActionVerifyPtr, "SHA1", IntPtr.Zero, 0);
if (!success)
{
return(new KeyValuePair <bool, string>(false, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
hash256 = HashFromFile2(hCatAdminSha256, fHandle);
if (hash256.Count == 0)
{
return(new KeyValuePair <bool, string>(false, "[-] Unable to calc sha256 file hash"));
}
hash1 = HashFromFile2(hCatAdminSha1, fHandle);
if (hash1.Count == 0)
{
return(new KeyValuePair <bool, string>(false, "[-] Unable to calc sha1 file hash"));
}
IntPtr prev = IntPtr.Zero;
hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha256, (byte[])hash256["HashBytes"], (uint)hash256["HashLength"], 0, prev);
if (hCatInfo == IntPtr.Zero)
{
CryptCATAdminReleaseContext(hCatAdminSha256, 0);
hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha1, (byte[])hash1["HashBytes"], (uint)hash1["HashLength"], 0, prev);
hCatAdminSha256 = IntPtr.Zero;
}
else
{
hCatAdminSha1 = IntPtr.Zero;
}
}
catch (Exception)
{
success = CryptCATAdminAcquireContext(out hCatAdminSha1, DRIVER_ACTION_VERIFY, 0);
lastError = Marshal.GetLastWin32Error();
if (!success)
{
return(new KeyValuePair <bool, string>(false, new Win32Exception(lastError).Message));
}
Dictionary <string, object> hash = HashFromFile(hCatAdminSha1, fHandle);
if (hash.Count == 0)
{
return(new KeyValuePair <bool, string>(false, "[-] Unable to calculate SHA1 hash for file."));
}
IntPtr prev = IntPtr.Zero;
hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha1, (byte[])hash["HashBytes"], (uint)hash["HashLength"], 0, prev);
}
if (hCatInfo == IntPtr.Zero)
{
return(new KeyValuePair <bool, string>(false, "[-] Unable to find catalog hash for the given file"));
}
CATALOG_INFO cInfo = new CATALOG_INFO();
cInfo.cbStruct = (uint)Marshal.SizeOf(typeof(CATALOG_INFO));
try
{
success = CryptCATCatalogInfoFromContext(hCatInfo, ref cInfo, 0);
}
catch (Exception e)
{
lastError = Marshal.GetLastWin32Error();
Console.WriteLine(new Win32Exception(lastError).Message);
return(new KeyValuePair <bool, string>(false, e.ToString()));
}
if (!success)
{
return(new KeyValuePair <bool, string>(false, new Win32Exception(lastError).Message));
}
return(new KeyValuePair <bool, string>(true, cInfo.wszCatalogFile));
}
