Amend docstring with limitations of the plugins

fox-it · Mar 8, 2024 · 3764b41 · 3764b41
1 parent 633f119
commit 3764b41
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/dissect/target/plugins/os/windows/catroot.py b/dissect/target/plugins/os/windows/catroot.py
@@ -87,6 +87,10 @@ def files(self) -> Iterator[CatrootRecord]:
         A catalog file contains a collection of cryptographic hashes, or thumbprints. These files are generally used to
         verify the integrity of Windows operating system files, instead of per-file authenticode signatures.
 
+        At the moment, parsing catalog files is done on best effort. Asn1crypto is not able to fully parse the 
+        `encap_content_info`, highly likely because Microsoft uses its own format. Future research should result in a more
+        resilient and complete implementation of the catroot.files plugin.
+
         References:
             - https://www.thewindowsclub.com/catroot-catroot2-folder-reset-windows
             - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/catalog-files
@@ -170,7 +174,7 @@ def files(self) -> Iterator[CatrootRecord]:
 
                 # Currently, it is not known how the file hints are related to the digests. Therefore, each digest
                 # is yielded as a record with all of the file hints found.
-                # TODO: find the correlation between the file hints and the digests in catroot files
+                # TODO: find the correlation between the file hints and the digests in catroot files.
                 for file_digest in digests:
                     yield CatrootRecord(
                         digest=file_digest,
@@ -190,6 +194,8 @@ def catdb(self) -> Iterator[CatrootRecord]:
         The catdb file is an ESE database file that contains the digests of the catalog files present on the system.
         This database is used to speed up the process of validating a Portable Executable (PE) file.
 
+        Note: catalog files can include file hints, however these seem not to be present in the catdb files.
+
         References:
             - https://www.thewindowsclub.com/catroot-catroot2-folder-reset-windows
             - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/catalog-files