Привет, я извиняюсь писать на английском, но мой русский, не очень удобно. I am trying to get how does CryptCATAdminCalcHashFromFileHandle calculates its SHA1 File hash for Windows' catalogue file. It is probably something on HMAC SHA1 concept, but i cannot get all necessary informations to build my own hash algorithm without tons of objects that Crypto api uses. I get that the algorithm is in wintrust.dll (block SHA1 can be found by 5A827999h number) and mapped some next functions, but it is getting hard because of object it uses and i dont know its structure... any informations will be very appreciated Спасибо вам много
verlyba Hi. I don't mean, I could help you to reverse crypto API. I'm just curious, why it's so necessary to reverse it instead of reading the specification of SHA1. Wiki gives enough comprehensive information about SHA-1 and its implementation. P.S. You russian translations sound funny.
Well, there are lots of problems. First of all, it isnt pure SHA1 / if it is HMAC, there has to be a special internal key to calculate whole hash. Some closer info i found is here: http://www.jensign.com/hash/index.html The scary point of the text: Thats the reason why iam trying to reverse this function... And sorry about my russian, atleast something for laught in these days
By searching some exact strings i found this document: http://www.microsoft.com/whdc/winlogo/drvsign/Authenticode_PE.mspx It is exactly what i want to do with step-by-step tutorial, how to calculate this hash. But iam being confused by last step, anybody would try to get it work?
Solved By comparing calls for SHA update function i found, that iam not hashing padding between last header and first section start. Otherwise everything exactly as in documentary, thank u
