Remotely debugging a process on an iOS device via command-line LLDB

Hi,

I’m trying to spin up an app on an iOS device and then remotely connect to it. I’m starting a debug server on the device, then telling it to launch a specific app via the gdb-remote protocol, e.g.

Sending packet: +
Sending packet: $QStartNoAckMode#b0
Received ack: +
Received packet: $OK#9a
Sending packet: +
Sending packet: $QEnvironment:NSUnbufferedIO=YES#8d
Received packet: $OK#00
Sending packet: $QListThreadsInStopReply#21
Received packet: $OK#00
Sending packet: $A228,0,2f707269766174652f7661722f6d6f62696c652f436f6e7461696e6572732f42756e646c652f4170706c69636174696f6e2f44323736423144342d363135372d343837372d383839332d3338334630434437354233392f636f6d2e726f626f766d2e746573742e494f5344656d6f2e617070,28,1,2d72766d3a6c6f673d7472616365#ca
Received packet: $OK#00
Sending packet: $qLaunchSuccess#a5
Received packet: $OK#00

The app launches successfully. Next I set up a local server socket which then forwards the communication between lldb and the debugserver.

In lldb, I set the platform to remote-ios, create a target pointing at the local version of the executable file of the iOS app, and then call gdb-remote, which connects to the local forwarding socket:

(lldb) platform select remote-ios
Platform: remote-ios
Connected: no
SDK Path: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/8.0 (12A365)"
SDK Roots: [ 0] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/4.2"
SDK Roots: [ 1] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/4.3"
SDK Roots: [ 2] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/5.0"
SDK Roots: [ 3] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/5.1"
SDK Roots: [ 4] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/6.0"
SDK Roots: [ 5] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/6.1"
SDK Roots: [ 6] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0"
SDK Roots: [ 7] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.1"
SDK Roots: [ 8] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/8.0 (12A365)"
SDK Roots: [ 9] "/Users/badlogic/Library/Developer/Xcode/iOS DeviceSupport/7.1.1 (11D201)"
SDK Roots: [10] "/Users/badlogic/Library/Developer/Xcode/iOS DeviceSupport/8.0 (12A365)"
(lldb) target create /tmp/robovm.HelloWorld.ios/com.robovm.test.IOSDemo.app/com.robovm.test.IOSDemo
Current executable set to '/tmp/robovm.HelloWorld.ios/com.robovm.test.IOSDemo.app/com.robovm.test.IOSDemo' (armv7).
(lldb) gdb-remote 8889

The debugserver and lldb then exchange a few messages:

Sending packet (client): $QListThreadsInStopReply#21$qHostInfo#9b
Received packet: $OK#00
Received packet: $cputype:12;cpusubtype:10;ostype:ios;watchpoint_exceptions_received:before;vendor:apple;endian:little;ptrsize:4;#00
Sending packet (client): $vCont?#49
Received packet: $vCont;c;C;s;S#00
Sending packet (client): $qVAttachOrWaitSupported#38
Received packet: $OK#00
Sending packet (client): $qProcessInfo#dc
Received packet: $pid:2e9;parent-pid:2e8;real-uid:1f5;real-gid:1f5;effective-uid:1f5;effective-gid:1f5;cputype:c;cpusubtype:b;ostype:ios;vendor:apple;endian:little;ptrsize:4;#00
Sending packet (client): $qC#b4
Received packet: $QC108d6#00

Note that the +$QStartNoAckMode#b0 message is not forwarded to the debug server but directly replied to by the forwarding server.

LLDB seems to be confused from this point onwards. It seems to think that a process has been launched but is unable to provide any information on the process or interrupt it or interact with it in any other way.

I’d be grateful if somebody could point out any errors in the above workflow (apart from not using Xcode, which is sadly not an option).

Thanks,
Mario

> Note that the +$QStartNoAckMode#b0 message is not forwarded to the debug server but directly replied to by the forwarding server.

That is your problem. If you reply "OK" to "QStartNoAckMode", we stop sending ACK and NACK packets. This will obviously hose up any communication you do after that.

Hi Greg,

awesome, this works like a charm! Thanks for the help.

ciao,
Mario
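
An added example, not part of the thread and not code from LLDB, debugserver or RoboVM: a small checker for logs in the format quoted above. It verifies checksums while acks are still on, tracks the switch to no-ack mode on one hop, flags acks that arrive after the switch, and decodes the A launch packet. The function names and the stale-ack sample are constructed for illustration; the other sample lines are copied from the first log.

```python
import re

# One frame on the wire: a bare ack/nack, or $payload#xx (escapes/RLE not handled)
FRAME = re.compile(r"([+-])|\$([^#]*)#([0-9a-fA-F]{2})")

def checksum(payload):
    # gdb-remote checksum: sum of the payload bytes modulo 256
    return sum(payload.encode("latin-1")) % 256

def decode_launch_args(payload):
    # 'A' packet: triples of hex-digit count, argument index, hex-encoded bytes
    fields, args = payload[1:].split(","), []
    for i in range(0, len(fields), 3):
        hexlen, index, hexarg = fields[i:i + 3]
        if int(hexlen) != len(hexarg):
            raise ValueError("length field does not match argument " + index)
        args.append(bytes.fromhex(hexarg).decode())
    return args

def check_hop(lines):
    # Walk the log of one hop; return (no_ack_mode, anomalies)
    no_ack = asked = final_ack_due = False
    problems = []
    for n, line in enumerate(lines, 1):
        for ack, payload, csum in FRAME.findall(line.partition(":")[2]):
            if ack:
                if no_ack and not final_ack_due:
                    problems.append("line %d: '%s' after no-ack mode was agreed" % (n, ack))
                final_ack_due = False
                continue
            final_ack_due = False
            if not no_ack and checksum(payload) != int(csum, 16):
                problems.append("line %d: bad checksum on %s" % (n, payload))
            if payload == "QStartNoAckMode":
                asked = True
            elif payload == "OK" and asked:
                # the OK itself is still acked once (line 5 of PAGE_LOG)
                no_ack, asked, final_ack_due = True, False, True
    return no_ack, problems

# Copied from the page's first log (environment, thread-list and A packets omitted)
PAGE_LOG = ["Sending packet: +", "Sending packet: $QStartNoAckMode#b0",
            "Received ack: +", "Received packet: $OK#9a", "Sending packet: +",
            "Sending packet: $qLaunchSuccess#a5", "Received packet: $OK#00"]
# Constructed: the same hop with one extra '+' from a peer still in ack mode
STALE_ACK_LOG = PAGE_LOG + ["Received ack: +"]
# The A packet payload from the page's first log
PAGE_A = "A228,0,2f707269766174652f7661722f6d6f62696c652f436f6e7461696e6572732f42756e646c652f4170706c69636174696f6e2f44323736423144342d363135372d343837372d383839332d3338334630434437354233392f636f6d2e726f626f766d2e746573742e494f5344656d6f2e617070,28,1,2d72766d3a6c6f673d7472616365"
print(check_hop(PAGE_LOG), check_hop(STALE_ACK_LOG), decode_launch_args(PAGE_A))
```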