Patching files in Windows 6.x, 10.0 [SFC happy]

Post by harkaz » Tue Nov 24, 2015 6:25 pm

This is a method similar to my CAT signing procedure in SP4.
After you follow the same steps described in the SP4 thread to create CAT files, you need to modify the catalog files in the appropriate places:

\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

\Windows\winsxs\Catalogs (because the file names are different, an easy way to do it is to compare the hashes of all the catalogs in there against the original CAT file hash we are updating).

Of course, the CAT files in \Windows\winsxs\Catalogs are named by a thumbprint. So we need to locate which component is affected by the catalog. If we load the COMPONENTS hives, it's easy to find the corresponding components under \CanonicalData\Catalogs\catalog_name (the component is named with its "canonical" name, e.g. c!0098220e79e..4dbb55e085e_31bf3856ad364e35_6.1.7601.23183_816a595d0ac72080).

We then search for that value in \DerivedData\Components. The component that has a value named c!0098220e79e..4dbb55e085e_31bf3856ad364e35_6.1.7601.23183_816a595d0ac72080 corresponds to the catalog.

This component key also shows the files the component contains and that we want to patch.

We search for the SHA1/SHA256 ORIGINAL file hash in the CAT file and replace it with the new hash (use a hex editor). Re-sign with signtool and update the catalogs in catroot/winsxs (tried this only offline, probably possible online with TrustedInstaller privileges). Also delete catroot2 in system32, reboot + launch WU to reset the CAT Esent db.

I'm too tired to elaborate more, but if you need more details send me a PM.

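The hash comparison the post uses to find the thumbprint-named copy of a catalog under \Windows\winsxs\Catalogs, extended with a baseline diff that reports catalogs whose contents changed later, as an added example that is not part of the original post. The function names, the baseline format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(store):
    """Return {file name: sha256} for every .cat file in a catalog directory."""
    return {p.name: sha256_file(p) for p in sorted(Path(store).glob("*.cat"))}


def find_copies(reference_cat, store):
    """Names in `store` that are byte-identical to `reference_cat`."""
    wanted = sha256_file(reference_cat)
    return [name for name, h in snapshot(store).items() if h == wanted]


def diff_baseline(baseline, store):
    """Compare a store with an earlier snapshot and report what differs."""
    now = snapshot(store)
    return {
        "changed": sorted(n for n in baseline if n in now and now[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in now),
        "new": sorted(n for n in now if n not in baseline),
    }


def demo():
    """Constructed sample: two small stand-in stores in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        catroot, winsxs = Path(tmp, "catroot"), Path(tmp, "Catalogs")
        catroot.mkdir()
        winsxs.mkdir()
        (catroot / "example_package.cat").write_bytes(b"catalog A")  # constructed
        (winsxs / "1111aaaa.cat").write_bytes(b"catalog A")          # same content
        (winsxs / "2222bbbb.cat").write_bytes(b"catalog B")
        copies = find_copies(catroot / "example_package.cat", winsxs)
        baseline = snapshot(winsxs)
        (winsxs / "1111aaaa.cat").write_bytes(b"catalog A, edited")  # later change
        return copies, diff_baseline(baseline, winsxs)
```

On a real system, `snapshot` would be pointed at the two catalog directories named in the post and the result stored somewhere the machine itself cannot rewrite.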