Verify if a dll is in a catalog file that is signed with a certificate that has a certificate chain with root certificate coming from a certificate authority (CA)

Ram Keerthi 1 Reputation point


I am beginner to this type of requirement.

I have create catalog file(.cat) for some list of dlls using below command
New-FileCatalog -Path D:\caltlog -CatalogFilePath D:\caltlog\ -CatalogVersion 2.0

and make that catalog file ( to signed with certificate.

Could any one help to suggest the steps which are involved in verifying the dll is in file signed with certificate using C++ code ?

Having below doubts,

How to install the CAT file ?

for C++ cod went with snippet ( but got null value for CatInfoHandle for below function call
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(


Thanks and Regards,
Ramanji K

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,094 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,412 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 39,341 Reputation points

    Hello there,

    To verify that a driver package's catalog file was signed by a valid test certificate, use the following SignTool command:

    SignTool verify /v /pa

    To verify that a file, listed in a driver package's catalog file, is signed by a test certificate, use the following SignTool command:

    SignTool verify /v /pa /c DriverFileName

    More details here. Verifying the Signature of a Test-Signed Catalog File

    Using SignTool to Verify a File Signature


    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments

  2. Xiaopo Yang - MSFT 11,336 Reputation points Microsoft Vendor

    According to Installing a Catalog File by using CryptCATAdminAddCatalog, An installation program can use the CryptCATAdminAddCatalog and other CryptCATAdminXxx cryptography functions to programmatically install a catalog file in the system component and driver database.
    And I'm looking into verifying a file, listed in a catalog file, is signed by a certificate. But SignTool can do.