MobileDevice Library

MobileDevice Library is used by iTunes to transfer data between iPhone and computer over both USB and WiFi connections.

PC Windows: iTunesMobileDevice.dll

 * Location:  (  on 64-bit)
 * Supporting CoreFoundation.dll (used for CFStringRef, CFPropertyListRef management) is located in the same dir (when using iTunes prior 9.0).
 * For iTunes 9.0, the location of CoreFoundation.dll is stored in InstallDir registry value under HKLM\SOFTWARE\Apple Inc.\Apple Application Support registry key.

Mac OS X: MobileDevice.framework

 * Location: /System/Library/PrivateFrameworks/MobileDevice.framework
 * Export command:

Library Interfaces

 * libimobiledevice (provides the same functionality on GNU/Linux)
 * SDMMobileDevice (OS X framework written in C that can be used interchangeably with Apple's private framework MobileDevice.framework)
 * MobileDeviceAccess (similar to above, but written in Objective-C)
 * MobileDevice.h (old reverse engineered header for interfacing with MobileDevice library)

Obtaining address
In order to obtain the address of a usable private function in MobileDevice, you will have to be able to understand x86-64 assembly to reverse engineer it. These methods differ slightly based on platform due to how dynamically linked libraries handle position independent code.

Mac OS X (MobileDevice.framework)
A private function is not marked as exported in the mach-o symbol table. This means it cannot be called by simply linking against the library. To call unexported functions, the mach-o symbol table must be stepped through manually to find the offset of a particular function call. Calls can be verified by checking against the offset of the name inside the name table.

Windows (MobileDevice.dll)
Unlike OS X's dynamically linkable libraries, Windows dynamic libraries do not support position independent code in the same manner. A private function will not have its name in the exported symbol table, so in a debugger, like GDB, it will show up as part of another function. However, you will know that it is a separate function as a new stack frame is set up.

Known Error Codes

 * kAMDSuccess = 0x0
 * kAMDUndefinedError = 0xe8000001
 * kAMDBadHeaderError = 0xe8000002
 * kAMDNoResourcesError = 0xe8000003
 * kAMDReadError = 0xe8000004
 * kAMDWriteError = 0xe8000005
 * kAMDUnknownPacketError = 0xe8000006
 * kAMDInvalidArgumentError = 0xe8000007
 * kAMDNotFoundError = 0xe8000008
 * kAMDIsDirectoryError = 0xe8000009
 * kAMDPermissionError = 0xe800000a
 * kAMDNotConnectedError = 0xe800000b
 * kAMDTimeOutError = 0xe800000c
 * kAMDOverrunError = 0xe800000d
 * kAMDEOFError = 0xe800000e
 * kAMDUnsupportedError = 0xe800000f
 * kAMDFileExistsError = 0xe8000010
 * kAMDBusyError = 0xe8000011
 * kAMDCryptoError = 0xe8000012
 * kAMDInvalidResponseError = 0xe8000013
 * kAMDMissingKeyError = 0xe8000014
 * kAMDMissingValueError = 0xe8000015
 * kAMDGetProhibitedError = 0xe8000016
 * kAMDSetProhibitedError = 0xe8000017
 * kAMDRemoveProhibitedError = 0xe8000018
 * kAMDImmutableValueError = 0xe8000019
 * kAMDPasswordProtectedError = 0xe800001a
 * kAMDMissingHostIDError = 0xe800001b
 * kAMDInvalidHostIDError = 0xe800001c
 * kAMDSessionActiveError = 0xe800001d
 * kAMDSessionInactiveError = 0xe800001e
 * kAMDMissingSessionIDError = 0xe800001f
 * kAMDInvalidSessionIDError = 0xe8000020
 * kAMDMissingServiceError = 0xe8000021
 * kAMDInvalidServiceError = 0xe8000022
 * kAMDInvalidCheckinError = 0xe8000023
 * kAMDCheckinTimeoutError = 0xe8000024
 * kAMDMissingPairRecordError = 0xe8000025
 * kAMDInvalidActivationRecordError = -402653146
 * kAMDMissingActivationRecordError = -402653145
 * kAMDWrongDroidError = -402653144
 * kAMDSUVerificationError = -402653143
 * kAMDSUPatchError = -402653142
 * kAMDSUFirmwareError = -402653141
 * kAMDProvisioningProfileNotValid = -402653140
 * kAMDSendMessageError = -402653139
 * kAMDReceiveMessageError = -402653138
 * kAMDMissingOptionsError = -402653137
 * kAMDMissingImageTypeError = -402653136
 * kAMDDigestFailedError = -402653135
 * kAMDStartServiceError = -402653134
 * kAMDInvalidDiskImageError = -402653133
 * kAMDMissingDigestError = -402653132
 * kAMDMuxError = -402653131
 * kAMDApplicationAlreadyInstalledError = -402653130
 * kAMDApplicationMoveFailedError = -402653129
 * kAMDApplicationSINFCaptureFailedError = -402653128
 * kAMDApplicationSandboxFailedError = -402653127
 * kAMDApplicationVerificationFailedError = -402653126
 * kAMDArchiveDestructionFailedError = -402653125
 * kAMDBundleVerificationFailedError = -402653124
 * kAMDCarrierBundleCopyFailedError = -402653123
 * kAMDCarrierBundleDirectoryCreationFailedError = -402653122
 * kAMDCarrierBundleMissingSupportedSIMsError = -402653121
 * kAMDCommCenterNotificationFailedError = -402653120
 * kAMDContainerCreationFailedError = -402653119
 * kAMDContainerP0wnFailedError = -402653118
 * kAMDContainerRemovalFailedError = -402653117
 * kAMDEmbeddedProfileInstallFailedError = -402653116
 * kAMDErrorError = -402653115
 * kAMDExecutableTwiddleFailedError = -402653114
 * kAMDExistenceCheckFailedError = -402653113
 * kAMDInstallMapUpdateFailedError = -402653112
 * kAMDManifestCaptureFailedError = -402653111
 * kAMDMapGenerationFailedError = -402653110
 * kAMDMissingBundleExecutableError = -402653109
 * kAMDMissingBundleIdentifierError = -402653108
 * kAMDMissingBundlePathError = -402653107
 * kAMDMissingContainerError = -402653106
 * kAMDNotificationFailedError = -402653105
 * kAMDPackageExtractionFailedError = -402653104
 * kAMDPackageInspectionFailedError = -402653103
 * kAMDPackageMoveFailedError = -402653102
 * kAMDPathConversionFailedError = -402653101
 * kAMDRestoreContainerFailedError = -402653100
 * kAMDSeatbeltProfileRemovalFailedError = -402653099
 * kAMDStageCreationFailedError = -402653098
 * kAMDSymlinkFailedError = -402653097
 * kAMDiTunesArtworkCaptureFailedError = -402653096
 * kAMDiTunesMetadataCaptureFailedError = -402653095
 * kAMDAlreadyArchivedError = -402653094
 * kAMDProhibitedBySupervision = -402653053