Maybe this seems stupid to somebody, but I need to register a service in Android to create a binder_proc and binder_node on the kernel side, and I need to get a handle for that binder_node in order to send a transaction to that binder_proc.
So after some research I couldn't find any useful stuff. So basically I want to send a binder transaction with a raw ioctl like this.
```c
...
tr.target.handle = handle;
tr.code = 0;
tr.data_size = buffer_size;
tr.offsets_size = offsets_size;
tr.data.ptr.buffer = (uintptr_t)data_buffer;
tr.data.ptr.offsets = (uintptr_t)off_buffer;

// Wrap in BC_TRANSACTION
struct {
    uint32_t cmd;
    struct binder_transaction_data tr;
} __attribute__((packed)) write_data;

write_data.cmd = BC_TRANSACTION;
write_data.tr = tr;

bwr.write_size = sizeof(write_data);
bwr.write_consumed = 0;
bwr.write_buffer = (uintptr_t)&write_data;
bwr.read_size = 0;

if (ioctl(binder_fd, BINDER_WRITE_READ, &bwr) < 0) {
    perror("[-] ioctl BINDER_WRITE_READ failed");
}
...
```

In order to send the above transaction, I need a valid handle for that binder_node.
