Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Sample code used to extract catalog hashes from a mounted Windows image
# https://github.com/mattifestation/CatalogTools
Import-Module CatalogTools
# install.wim was mounted to C:\Mount with Mount-WindowsImage
$SystemCatalogEntries = ls -Path C:\Mount -Include '*.cat' -Recurse | % {
$CatalogInfo = Get-CatalogFile -Path $_.FullName
$FilePath = 'C:' + $CatalogInfo.FilePath.Path.Substring(8)
$CatalogInfo.CatalogMembers | ? { $_.HashInfo.Algorithm -and $_.HashInfo.FileHash } | % {
$Hint = $null
if ($_.NameValuePairs) {
$HintEntry = $_.NameValuePairs | ? { $_.Name -eq 'Hint' } | Select-Object -First 1
if ($HintEntry) { $Hint = $HintEntry.Value }
}
[PSCustomObject] @{
Algorithm = $_.HashInfo.Algorithm
Hash = $_.HashInfo.FileHash
CatalogPath = $FilePath
Hint = $Hint
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.