public static extern bool CryptCATCatalogInfoFromContext(int CatInfoHandle, ref CATALOG_INFO CatInfo, int Flags);
private static extern bool CryptCATCatalogInfoFromContext( IntPtr hCatInfo, ref CATALOG_INFO psCatInfo, UInt32 dwFlags);
private static unsafe KeyValuePair <bool, string> CheckForCatalog() { //Obtain a file handle to the source file FileStream fs = null; try { fs = new FileStream(fromFile, FileMode.Open, FileAccess.Read); } catch (Exception e) { return(new KeyValuePair <bool, string>(false, e.ToString())); } IntPtr fHandle = fs.SafeFileHandle.DangerousGetHandle(); IntPtr hCatInfo = new IntPtr(); IntPtr hCatAdminSha256 = new IntPtr(); IntPtr hCatAdminSha1 = new IntPtr(); int lastError = 0; Dictionary <string, object> hash256 = new Dictionary <string, object>(); Dictionary <string, object> hash1 = new Dictionary <string, object>(); bool success = false; //Get the catalog context GCHandle drvActionVerifyGC = GCHandle.Alloc(DRIVER_ACTION_VERIFY.ToByteArray(), GCHandleType.Pinned); IntPtr drvActionVerifyPtr = drvActionVerifyGC.AddrOfPinnedObject(); try { //Call Acquire context for SHA256 and SHA1 success = CryptCATAdminAcquireContext2(ref hCatAdminSha256, drvActionVerifyPtr, "SHA256", IntPtr.Zero, 0); if (!success) { return(new KeyValuePair <bool, string>(false, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } success = CryptCATAdminAcquireContext2(ref hCatAdminSha1, drvActionVerifyPtr, "SHA1", IntPtr.Zero, 0); if (!success) { return(new KeyValuePair <bool, string>(false, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } hash256 = HashFromFile2(hCatAdminSha256, fHandle); if (hash256.Count == 0) { return(new KeyValuePair <bool, string>(false, "[-] Unable to calc sha256 file hash")); } hash1 = HashFromFile2(hCatAdminSha1, fHandle); if (hash1.Count == 0) { return(new KeyValuePair <bool, string>(false, "[-] Unable to calc sha1 file hash")); } IntPtr prev = IntPtr.Zero; hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha256, (byte[])hash256["HashBytes"], (uint)hash256["HashLength"], 0, prev); if (hCatInfo == IntPtr.Zero) { CryptCATAdminReleaseContext(hCatAdminSha256, 0); hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha1, (byte[])hash1["HashBytes"], (uint)hash1["HashLength"], 0, prev); hCatAdminSha256 = IntPtr.Zero; } else { hCatAdminSha1 = IntPtr.Zero; } } catch (Exception) { success = CryptCATAdminAcquireContext(out hCatAdminSha1, DRIVER_ACTION_VERIFY, 0); lastError = Marshal.GetLastWin32Error(); if (!success) { return(new KeyValuePair <bool, string>(false, new Win32Exception(lastError).Message)); } Dictionary <string, object> hash = HashFromFile(hCatAdminSha1, fHandle); if (hash.Count == 0) { return(new KeyValuePair <bool, string>(false, "[-] Unable to calculate SHA1 hash for file.")); } IntPtr prev = IntPtr.Zero; hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdminSha1, (byte[])hash["HashBytes"], (uint)hash["HashLength"], 0, prev); } if (hCatInfo == IntPtr.Zero) { return(new KeyValuePair <bool, string>(false, "[-] Unable to find catalog hash for the given file")); } CATALOG_INFO cInfo = new CATALOG_INFO(); cInfo.cbStruct = (uint)Marshal.SizeOf(typeof(CATALOG_INFO)); try { success = CryptCATCatalogInfoFromContext(hCatInfo, ref cInfo, 0); } catch (Exception e) { lastError = Marshal.GetLastWin32Error(); Console.WriteLine(new Win32Exception(lastError).Message); return(new KeyValuePair <bool, string>(false, e.ToString())); } if (!success) { return(new KeyValuePair <bool, string>(false, new Win32Exception(lastError).Message)); } return(new KeyValuePair <bool, string>(true, cInfo.wszCatalogFile)); }