Dev:Debugserver

debugserver is a console app that acts as a server for remote gdb debugging. It is installed when a device is marked for development. It can be found in /Developer/usr/bin/debugserver. This is also the process invoked by Xcode to debug applications on the device.

Command line options
debugserver can be invoked with

debugserver [ ] host: [ ...]

Where options can be:

Patching for process attaching
The vanilla debugserver cannot attach to any process because it lacks the entitlement that allows task_for_pid. An entitlement must be inserted into the binary to allow this.

0.

1. Thin the binary because ldid does not support fat binaries:

2. Save the following as ent.xml:

3. Apply the entitlement with ldid: ldid -Sent.xml debugserver
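
Step 1 depends on whether the binary is fat (several architecture slices behind one header) or thin. As an added example, not part of the original page, this Python check reads the Mach-O fat header, lists the slices and extracts one, so you can confirm what you are about to sign. The function names and the header-only sample are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                  # fat header fields are big-endian
THIN_MAGICS = (0xFEEDFACE, 0xFEEDFACF)  # 32-/64-bit Mach-O, little-endian on ARM
CPU_TYPE_ARM, CPU_ARCH_ABI64 = 12, 0x01000000
ARM_SUBTYPES = {9: "armv7", 11: "armv7s"}

def arch_name(cputype, cpusubtype):
    if cputype == CPU_TYPE_ARM | CPU_ARCH_ABI64:
        return "arm64"
    if cputype == CPU_TYPE_ARM:
        return ARM_SUBTYPES.get(cpusubtype & 0xFFFFFF, "arm")
    return "cputype 0x%x" % cputype

def is_fat(data):
    return len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC

def list_slices(data):
    """Return [(arch, offset, size)]; a thin file yields a single entry."""
    if is_fat(data):
        count = struct.unpack_from(">I", data, 4)[0]
        if 8 + 20 * count > len(data):
            raise ValueError("fat header larger than file")
        out = []
        for i in range(count):
            cpu, sub, off, size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            if off + size > len(data):
                raise ValueError("slice %d runs past end of file" % i)
            out.append((arch_name(cpu, sub), off, size))
        return out
    if len(data) < 12 or struct.unpack_from("<I", data)[0] not in THIN_MAGICS:
        raise ValueError("not a Mach-O file")
    _magic, cpu, sub = struct.unpack_from("<3I", data)
    return [(arch_name(cpu, sub), 0, len(data))]

def thin(data, arch):
    """Return the bytes of one architecture's slice (a complete thin Mach-O)."""
    for name, off, size in list_slices(data):
        if name == arch:
            return data[off:off + size]
    raise KeyError("no %s slice in this binary" % arch)

def build_sample_fat():
    """Constructed two-slice sample: headers only, no load commands or code."""
    v7 = struct.pack("<7I", 0xFEEDFACE, 12, 9, 2, 0, 0, 0)
    a64 = struct.pack("<8I", 0xFEEDFACF, 12 | CPU_ARCH_ABI64, 0, 2, 0, 0, 0, 0)
    hdr = struct.pack(">2I", FAT_MAGIC, 2)
    hdr += struct.pack(">5I", 12, 9, 48, len(v7), 0)
    hdr += struct.pack(">5I", 12 | CPU_ARCH_ABI64, 0, 48 + len(v7), len(a64), 0)
    return hdr + v7 + a64
```

On a real file, pass the bytes of debugserver to list_slices before and after thinning; a thinned binary reports exactly one slice at offset 0.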

Alternative Instructions (64-bit compatible)
Alternatively, if you are on a Mac with Xcode installed, you can follow Peter Steinberger's instructions to add entitlements to the debugserver that comes with Xcode. This will allow you to keep it as a fat binary, which will work on all devices including the 64-bit iPhone 5s. Here are Peter's full slides in PDF format or on a website (with more tips) - start at slide 45 for instructions for getting the debugserver to work.

I am not sure if you need an Apple developer membership and certificate to add the entitlements. If this fails for you, try the first method above.

1. Mount Xcode's developer disk image on your Mac and copy the debugserver binary to your working directory:

    hdiutil attach /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0.3\ \(11B508\)/DeveloperDiskImage.dmg
    cp /Volumes/DeveloperDiskImage/usr/bin/debugserver .

2. Save the following as entitlements.plist:

3. Apply the entitlement with codesign: codesign -s - --entitlements entitlements.plist -f debugserver

Attaching to a process
1. On the device, type: ./debugserver *:1234 -a "YouTube"

Example:

    My-iPhone-5S:~ root# ./debugserver *:1234 -a "YouTube"
    debugserver-300.2 for arm64.
    Attaching to process YouTube...
    Spawning general listening thread.
    Spawning kqueue listening thread.
    Listening to port 1234 for a connection from *...

2. On your Mac, launch lldb and type the following commands (but replace the IP with your device's IP):

    platform select remote-ios
    process connect connect://192.168.2.104:1234

Example:

    mbkim:Debug_Server Kim$ lldb
    (lldb) platform select remote-ios
      Platform: remote-ios
     Connected: no
      SDK Path: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0"
     SDK Roots: [ 0] "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/4.2"
     [...]
     SDK Roots: [21] "/Users/Kim/Library/Developer/Xcode/iOS DeviceSupport/7.0.4 (11B554a)"
    (lldb) process connect connect://192.168.2.104:1234
    Process 2612 stopped
    * thread #1: tid = 0x30d1e, 0x3ba51a84 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread, stop reason = signal SIGSTOP
        frame #0: 0x3ba51a84 libsystem_kernel.dylib`mach_msg_trap + 20
    libsystem_kernel.dylib`mach_msg_trap + 20:
    -> 0x3ba51a84:  pop    {r4, r5, r6, r8}
       0x3ba51a88:  bx     lr
    libsystem_kernel.dylib`mach_msg_overwrite_trap:
       0x3ba51a8c:  mov    r12, sp
       0x3ba51a90:  push   {r4, r5, r6, r8}
    (lldb) po [[UIApplication sharedApplication] delegate]
    <YTAppDelegate: 0x15e635a0>
    (lldb)

Debugging through USB instead of WiFi
If you find that debugging through WiFi is a little slow, or if you need to debug an app while WiFi is off, you can use usbmuxd to connect through USB. Mac users can also use iPhoneTunnel.

    wget http://cgit.sukimashita.com/usbmuxd.git/snapshot/usbmuxd-1.0.8.tar.bz2
    tar xjfv usbmuxd-1.0.8.tar.bz2
    cd usbmuxd-1.0.8/python-client/
    python tcprelay.py -t 1234:1234

Now all connections to localhost:1234 will be forwarded to your iPhone through USB to port 1234.

Connecting lldb:

    (lldb) process connect connect://localhost:1234
    Process 2612 stopped
    * thread #1: tid = 0x30d1e, 0x3ba51a84 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread, stop reason = signal SIGSTOP
        frame #0: 0x3ba51a84 libsystem_kernel.dylib`mach_msg_trap + 20
    libsystem_kernel.dylib`mach_msg_trap + 20:
    -> 0x3ba51a84:  pop    {r4, r5, r6, r8}
       0x3ba51a88:  bx     lr
    libsystem_kernel.dylib`mach_msg_overwrite_trap:
       0x3ba51a8c:  mov    r12, sp
       0x3ba51a90:  push   {r4, r5, r6, r8}
    (lldb) po [[UIApplication sharedApplication] delegate]
    <YTAppDelegate: 0x15e635a0>

Example session
Note: these instructions probably only work on very old firmwares such as iOS 3. For iOS 7, follow the example above.

1. Copy MobileNotes to your Mac, e.g. to /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.sdk/Applications/MobileNotes.app/MobileNotes.

2. On the device, type:

    ~/debugserver -x spring host:6789 /Applications/MobileNotes.app/MobileNotes

This will launch MobileNotes and wait for the remote debugger.

3. Launch the debugger and attach it to the remote process:

If using GDB:
 * On your Mac, launch /Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin.
 * Type the following in gdb:

    set shlib-path-substitutions / /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.sdk/
    file /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.sdk/Applications/MobileNotes.app/MobileNotes
    target remote-macosx 192.168.1.101:6789

Where 192.168.1.101 should be replaced by the actual IP address of your device. The remote debug connection is now complete.

If using LLDB:
 * On your Mac, launch lldb.
 * Type the following in lldb:

    platform select remote-ios
    process connect connect://192.168.1.101:6789

4. Enter c to continue and do whatever you want.