MakeCat

The MakeCat tool is a CryptoAPI tool that creates a catalog file. MakeCat is available as part of the Microsoft Windows Software Development Kit (SDK) for Windows 7 and .NET Framework 4.0 and is installed, by default, in the \Bin folder of the SDK installation path.

The MakeCat tool uses the following command syntax:

MakeCat [-n|-r|-v] FileName

Parameters

Parameter Description
-n
Do not stop on a recoverable error.
-r
Forces MakeCat to end if it encounters recoverable errors. Specifically, it will end when processing the entries in the catalog files section of a .cdf file.
-v
Verbose. Displays all progress and error messages.
FileName
Name of the .cdf file to be parsed. For required structure and contents, see Remarks.

Remarks

The .cdf file must be built with the following specifications.

[CatalogHeader]
Name=Name
ResultDir=ResultDir
PublicVersion=[|1]
CatalogVersion=[|1|2]
HashAlgorithms=[|SHA1|SHA256]
PageHashes=[true|false]
EncodingType=Encodingtype
CATATTR1={type}:{oid}:{value} (optional)
CATATTR2={type}:{oid}:{value} (optional)

[CatalogFiles]
{reference tag}=file path and name
{reference tag}ALTSIPID={guid} (optional)
{reference tag}ATTR1={type}:{oid}:{value} (optional)
{reference tag}ATTR2={type}:{oid}:{value} (optional)
<HASH>kernel32.dll=kernel32.dll
<HASH>ntdll.dll=ntdll.dll

Note

The last entry in the .cdf file must always have an explicit newline character at the end of the line.

The [CatalogHeader] section defines information about the entire catalog file.

Option Description
Name
Name of the catalog file, including its extension.
ResultDir
Directory where the created .cat file will be placed. If not specified, the current directory is used by default. If the directory does not exist, it is created.
PublicVersion
This option is not supported.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: Catalog version. If left blank, the default value, 1, is used.

CatalogVersion
Catalog version. If the version is not present or is set to 1, then "0x100" is passed to the dwPublicVersion parameter of the CryptCATOpen function, and a version 1 catalog file is created. The HashAlgorithms option must be empty or contain SHA1.
If the version is set to 2, then "0x200" is passed to the dwPublicVersion parameter of the CryptCATOpen function, and a version 2 catalog file is created. The HashAlgorithms option must contain SHA256.
If this option is present but contains any value other than 1 or 2, the MakeCat tool will error out.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This option is not supported.

HashAlgorithms
Name of the hashing algorithm used. For more information, see the CatalogVersion option.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This option is not supported.

PageHashes
Specifies whether to hash the files listed in the <HASH> option in the [CatalogFiles] section.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This option is not supported.

EncodingType
Type of message encoding used. If left blank, the default EncodingType is PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0x00010001.

The [CatalogFiles] section defines each member of the catalog file. Files of various types and attributes of various types are listed in separate groups.

Option Description
reference tag
Text reference to the file. This can include any ASCII text characters except the equal sign (=). The system must be able to reproduce this tag after installation.
Use <HASH> as a prefix of the file name. This results in the tag being the file's hash in ASCII string form.
file path and name
The name of the file to be parsed, including its extension and the relative path to the file. Any type of file that can be signed with SignTool can be added to a catalog. For example, file names with the following extensions, among others, can be added to a catalog: .exe, .cab, .cat, .ocx, .dll, and .stl.
ALTSIPID
SIP GUID that is to be used for hashing instead of the standard SIP based on file type. This entry is optional. If this entry is omitted, the member will be hashed using the default SIP. If no default installed SIP is found, the Flat SIP will be used.
guid
Text representation of a GUID.
ATTRx
Optional. Attribute or statement about the file or content. There can be any number of attributes, including none.
type
Defines what type of attribute is being added in the format 0x00000000 (text). This option can be a bitwise-OR combination of zero or more of the following values:
  • 0x10000000 Authenticated attribute (signed, included in the hash).
  • 0x20000000 Unauthenticated attribute (unsigned, not included in the hash, not verifiable).
  • 0x01000000 Attribute will not be replicated to SHA1 entries in a CatalogVersion 2 catalog.
  • 0x00010000 Attribute is represented in plaintext. No conversion will be done.
  • 0x00020000 Attribute is represented in base-64 encoding. This is used to represent binary data.
  • 0x00000001 Attribute is a name-value pair. Use the oid option for the name. This attribute is slow; therefore, use this option sparingly.
  • 0x00000002 Attribute is referenced by an object identifier (OID).

oid
The text representation of the attribute's reference key. It is an OID in the form of a text string in dotted quad notation (for example, a.b.c.d) or a text Name.
value
The text representation of the value of the attribute. The type of text representation used depends on the value of the type option. The EOL characters determine the length.
<HASH>
Hashes the specified file.

The generated catalog file is unsigned. If it is to be signed prior to transmittal, sign it by using SignTool.
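
The .cdf rules above (the CatalogVersion and HashAlgorithms pairing, the trailing newline, and the attribute type bits) can be checked before MakeCat is run. The following Python linter is an added example, not part of the SDK or of the original page; the names lint_cdf, decode_attr_type and SAMPLE, the flag labels, and the sample .cdf text are constructed for illustration, and a blank CatalogVersion is assumed to behave like an absent one.

```python
import re

# Bits of the {type} field, as listed in the attribute table above (labels are this example's own).
ATTR_FLAGS = {0x10000000: "authenticated", 0x20000000: "unauthenticated",
              0x01000000: "no-sha1-replication", 0x00010000: "plaintext",
              0x00020000: "base64", 0x00000001: "name-value", 0x00000002: "oid"}

def decode_attr_type(field):
    """Return (flag names, unknown bits) for a {type} like 0x10010001, or None if malformed."""
    if not re.fullmatch(r"0x[0-9A-Fa-f]{8}", field):
        return None
    value = int(field, 16)
    names = [name for bit, name in ATTR_FLAGS.items() if value & bit]
    return names, value & ~sum(ATTR_FLAGS)

# Constructed sample: v2 header on SHA1, unauthenticated attribute, no final newline.
SAMPLE = ("[CatalogHeader]\nName=demo.cat\nCatalogVersion=2\nHashAlgorithms=SHA1\n"
          "[CatalogFiles]\n<HASH>app.dll=app.dll\n<HASH>app.dllATTR1=0x20010001:Note:draft")

def lint_cdf(text):
    """Check .cdf text against the rules stated on this page; return problem strings."""
    problems = [] if text.endswith("\n") else ["last entry has no trailing newline"]
    header, section = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "CatalogHeader":
            header[key] = value
        if re.search(r"ATTR\d+$", key):          # CATATTRn or {reference tag}ATTRn
            decoded = decode_attr_type(value.split(":", 1)[0])
            if decoded is None:
                problems.append(f"{key}: type is not in 0x00000000 form")
            elif decoded[1]:
                problems.append(f"{key}: unknown type bits {decoded[1]:#010x}")
            elif "unauthenticated" in decoded[0]:
                problems.append(f"{key}: unauthenticated attribute is not covered by the hash")
    version = header.get("CatalogVersion") or "1"   # absent or blank means version 1
    algs = header.get("HashAlgorithms", "").upper()
    if version not in ("1", "2"):
        problems.append(f"CatalogVersion={version}: MakeCat accepts only 1 or 2")
    elif version == "1" and algs and "SHA1" not in algs:
        problems.append("version 1 catalog: HashAlgorithms must be empty or contain SHA1")
    elif version == "2" and "SHA256" not in algs:
        problems.append("version 2 catalog: HashAlgorithms must contain SHA256")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_cdf(SAMPLE)))
```
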