WinSxS Folder - Resolving catalog files

Discussion in 'Windows 8' started by colinr, Jan 25, 2013.

  1. colinr

    colinr MDL Novice

    Oct 10, 2008
    48
    1
    0
    Hi all,

    I've got a Win8 SurfaceRT tablet, and as you are probably aware, these things are quite locked down and will only allow signed executables to be run.

    Basically, I wish to copy some windows binaries from a live system (I have located them from within the C:\Windows\WinSxS folder) and copy them into the Windows Recovery Environment for RT which can be executed from a bootable USB drive.

    As expected, signed executables are also enforced even within the Recovery Environment.

    The binaries that I have copyied to the Recovery Environment will not execute as they need their corresponding catalog (.cat) file and manifest file (I've found the mnaifest files). The cat files are stored within a 'Catalogs' folder under 'WinSxS' and are named like this: 01f3c856dc2d7f774c54faf7eeebd203293c57ad8f0a291bc4d0fe1d84167437.cat

    So here is the question, how do I resolve these catalog files to the manifest and windows binary files?


    Thanks in advance.
     
  2. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    #2 100, Jan 25, 2013
    Last edited by a moderator: Apr 20, 2017
  3. colinr

    colinr MDL Novice

    Oct 10, 2008
    48
    1
    0
    @100, thank you very much for the guide, I'm sure others will find that interesting too.

    I can't help feeling that there is more to this than meets the eye.

    Under the native install of Win8 RT, the console applications, Tasklist.exe, Taskkill.exe and Choice.exe work fine, however, they are not present within the Pre-Installation/Recovery environment. I have added the executables for these files to WinSxS in the correct folder sctructure and system32, where they would natively live.

    I also added the correct manifest files and because I did not know at the time how to find the correct catalog file, I added all of them (copied the whole folder to \Windows\WinSxS\Calalogs).

    When I boot into the Recovery Environment and try to run any of these executables, I get the message "The system cannot execute the specified program.", which seems to indicate that there is an issue with the code signing as that is exactly the same message that appears when I try and execute an unsigned self written executable.

    Am I missing a step? Do I need to somehow register these binaries with the OS? Also, signtool.exe is not present on Win 8 RT (Arm).

    Thanks again.
     
  4. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    The .cat files will need to be added to the system catalog database so that the files can be verified. The console applications you listed don't come with an embedded digital signature, instead an external (detached) signature in a .cat file is used. If the catalog isn't added to the system database the OS won't be able to find the executable's actual signature. This is what "signtool.exe catdb" does.
    The system catalog database is in %systemroot%\system32\catroot2, and I think it's created from the files in %systemroot%\system32\catroot. Since catroot2 is empty on WinPE it seems the database is created at bootup. You could try adding the .cat file to catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} in the WinPE image, or maybe even add all the .cats from the regular OS's catroot directory, to make sure you're not missing anything.
     
  5. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    865
    447
    30
    100 do you have some links or something else where i can read in deep about the components hive? I know the hive but always avoided it to research in any way.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    Unfortunately no. Like most of CBS (component based servicing), this is something that's pretty much not documented at all. :/
    I don't think the registry hive is all that interesting though because the important information is in the manifest files (WinSxS\manifests).
     
  7. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    865
    447
    30
    yes, but i still don't understand some kind of lines or the damn redundant informations. like 'winner' string in some or even all components. I mostly invesigtated in embedded environment which is even more special but at all this hive sucks bad.
    MS gets kind of dirty with documentation or does anyone exactly know what e.g. locate=custom:12000002 in bcd for vhd file means. There are more and more things that aren't or very bad documented.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. colinr

    colinr MDL Novice

    Oct 10, 2008
    48
    1
    0
    @100

    Managed to get it to work!

    It was as simple as identfying the cat file from within WinSxS\Catalogs (using the method that you supplied) and then copying the cat file to system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} of the WinPE file structure, then copying the exe file to System32 and the mui file to system32\en-US. Then finally building the WIM.

    Thanks
     
  9. maxtorix

    maxtorix MDL Junior Member

    Feb 3, 2010
    80
    78
    0
    @100: I have similar question.

    Is there any possibility for creation of some tool or guide, with which can I be able for example to export one full feature from Windows 7's or Windows 8's '"Windows\WinSXS" or "DVD\Source\SXS" and add to another build or another SKU and similar relations?

    My idea comes directly from that what I want to install Internet Explorer 10 RTM on Release Preview.
    I think that if I successfully rip all files connected with IE10 from Win8 RTM and put them in one folder, after with some editing in manifest files, via Dism to integrate in Release Preview.

    I have on my mind that IE and VirtualPC as windows features are TopLevel so how I understand if I'm not wrong they can be installed on every build which has major build number 6.2.
     
  10. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    17,213
    14,776
    340
    @maxtorix

    Seems that 100 has already created some kind of script but its not for public (yet). :(


     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. maxtorix

    maxtorix MDL Junior Member

    Feb 3, 2010
    80
    78
    0
    Ah, ok, however this thread myabe will remind 100 to release the script or to create some program based on it, because he don't allow PMs.