GaganBhat asked RoyLi-MSFT edited

MakeCat SHA256 in Windows is different than expected SHA256 - CryptCATAdminCalcHashFromFileHandle

Windows SDK has a tool called MakeCat which generates a catalog file that contains SHA256 hashes of files on the operating system.

Let's say we take Optane.dll as an example file.

Using the Makecat tool to create a catalog file results in a stored SHA256 hash of 230EB11F89F6B7B4E6C8E069D6A2A68820E7002625D2DF2F30B80043906433F1.

However, putting the same file through any online or local file SHA256 calculator results in a different hash: 4C5E4407A6056B60089F8406CA75F230988A2528FA84F7965C5BF6ED883FB79A.

Any ideas on how MakeCat is calculating the hash? I believe internally it calls the CryptCATAdminCalcHashFromFileHandle Windows API.

My aim: Reproduce this Makecat style hash for some files in a Linux environment.

windows-10-security
LimitlessTechnology-2700 answered

Hello @GaganBhat

MakeCat uses the mscat.h library: https://docs.microsoft.com/en-us/windows/win32/api/mscat/

About the implementation in Linux, I would recommend opening your question in a Linux Cryptography forum, as that community may be better equipped and experienced to answer the question.

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--

GaganBhat answered GaganBhat edited

Yes, I see it uses mscat.h, however, where can we see the implementation of this function in Windows?

Cannot find an mscat.cpp, I think we get only the compiled binary.

I am interested in finding out how it has been implemented in Windows because the hash returned is not matching the hash of the file on disk.
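
An added example, not part of the thread and not Microsoft's code: for PE files such as a DLL, catalog member hashes are Authenticode image hashes, which skip the header CheckSum field, the certificate-table directory entry and any appended signature, so they differ from a hash of the raw bytes. The Python sketch below reproduces that calculation on Linux. Assumptions: a conventionally laid-out PE whose signature, if present, is the last thing in the file, and zero padding of unsigned files to an 8-byte boundary; `sample_pe` is a hypothetical helper that builds a constructed header-only stub for the demo.

```python
import hashlib
import struct
import sys

def authenticode_sha256(data: bytes) -> str:
    """SHA-256 of a PE image with the Authenticode-excluded fields skipped."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe + 24                                        # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                                  # CheckSum field, 4 bytes
    certdir = opt + (128 if magic == 0x10B else 144)     # data directory 4, 8 bytes
    cert_off, cert_len = struct.unpack_from("<II", data, certdir)
    end = cert_off if cert_len else len(data)            # assumes signature is last
    h = hashlib.sha256()
    h.update(data[:checksum])
    h.update(data[checksum + 4:certdir])
    h.update(data[certdir + 8:end])
    if not cert_len and len(data) % 8:
        h.update(b"\0" * (8 - len(data) % 8))            # assumption: 8-byte padding
    return h.hexdigest().upper()

def sample_pe(checksum: int = 0, signature: bytes = b"") -> bytes:
    """Constructed 512-byte PE32+ header stub for the demo (not loadable)."""
    img = bytearray(512)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x20B)             # optional header magic
    struct.pack_into("<I", img, 0x98 + 64, checksum)
    if signature:
        struct.pack_into("<II", img, 0x98 + 144, len(img), len(signature))
    return bytes(img) + signature

if __name__ == "__main__":
    if len(sys.argv) > 1:
        blobs = [open(sys.argv[1], "rb").read()]
    else:                                                # constructed inputs
        blobs = [sample_pe(), sample_pe(0x1234, b"\x01" * 16)]
    for blob in blobs:
        print("flat        ", hashlib.sha256(blob).hexdigest().upper())
        print("authenticode", authenticode_sha256(blob))
```

Run with a file path as the only argument to hash a real binary; with no argument it hashes the two constructed stubs, whose flat hashes differ while the Authenticode value is the same.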
