[android-developers] Re: capturing IPC call of my own android application through ioctl hooks

[Julien Thomas]

Some updates.

If I force it to rely on 32b arch instead of 64b, it starts to be better: 
3222823425 match ioctl calls for BINDER_WRITE_READ over 32bits

I/hook-ioctl: ioctl.cmd:     3222823425
> I/hook-ioctl: ioctl.cmd binary: 11000000000110000110001000000001
> I/hook-ioctl: direction: rw, struct size: 24, type: b, number: 1
> I/hook-ioctl: wait for: 3224396289 or  3222823425
> I/hook-ioctl: data @:    2934048664
> I/hook-ioctl: write.s :    52
> I/hook-ioctl: write.c :    0
> I/hook-ioctl: write.buffer @:    2928146944
>


if I inspect write buffer (as here I want to check calls made to service),I 
also start to get what is expected

> ioctl.cmd:     1076388608
> direction: -w, struct size: 40, type: c, number: 0
>

But if I parse (at ptr + 4) the data and try to convert to  
binder_transaction_data, I start to get really strange things

a) over the memory, I would have expected a different position for +4 and 
+8  etc
b) when parsing, the data are just ... totally different from memory


struct binder_transaction_data32 btd32 = *(struct binder_transaction_data32 
*) (cptr);

LOGI("-4: %zu", *(cptr-4)); //here I got back the cmd value, so that is okay
LOGI("+0: %zu", *(cptr));
LOGI("+4: %zu", *(cptr+4));


I/hook-ioctl: +0: 17
>  I/hook-ioctl: +4: 0
>  I/hook-ioctl: +8: 0
>  I/hook-ioctl: +12: 2739913840
>  I/hook-ioctl: +16: 2739913840
>  I/hook-ioctl: +20: 1076388608
>  I/hook-ioctl: +24: 16
>  I/hook-ioctl: +28: 0
>  I/hook-ioctl: +32: 1141280749
>  I/hook-ioctl: +36: 1141898661
>
>  I/hook-ioctl: cookie: 0
>  I/hook-ioctl: code: 0
>  I/hook-ioctl: flags: 80
>  I/hook-ioctl: pid: 0
>  I/hook-ioctl: euid: 3022204288
>  I/hook-ioctl: data_size: 0
>

-- 
You received this message because you are subscribed to the Google Groups 
"Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-developers+unsubscr...@googlegroups.com.
To post to this group, send email to android-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/android-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/android-developers/153dd41d-11a8-4fab-a5e6-6062372a3aba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.