A combination of fixes and new features for fruitstrap.

* Ability to pass command-line arguments to the running application.
* Fiddled with the device support path discovery so that it works for me with Xcode 4.3 on Lion.
* Fixed some bugs with write_gdb_prep_cmds (the string replace on dcp_noprivate with an incorrect length led to a frequent crash).
* Fill in address.sun_len to make a warning go away.
* Handled gdb exiting slightly more gracefully.
* Closed device control sessions when we don't need them.  These sessions timing out led to frequent failures the next time they were used.
* Added some getopt argument parsing.
* Added verbose and timeout (timeout for connecting to device) arguments.
Cory McWilliams 2012-02-28 11:51:01 -05:00
parent e6d623252a
commit 91e9185dbe
2 changed files with 216 additions and 50 deletions


@ -1,5 +1,9 @@
#include <stdio.h>
int main() {
int main(int argc, const char* argv[]) {
int i;
for (i = 0; i < argc; i++) {
printf("argv[%d] = %s\n", i, argv[i]);
return 0;


@ -7,6 +7,7 @@
#include <sys/un.h>
#include <stdio.h>
#include <signal.h>
#include <getopt.h>
#include "MobileDevice.h"
#define FDVENDOR_PATH "/tmp/fruitstrap-remote-debugserver"
@ -31,7 +32,7 @@
mem 0x1000 0x3fffffff cache\n\
mem 0x40000000 0xffffffff none\n\
mem 0x00000000 0x0fff none\n\
run {args}\n\
set minimal-signal-handling 0\n\
set inferior-auto-start-cfm off\n\
set sharedLibrary load-rules dyld \".*libobjc.*\" all dyld \".*CoreFoundation.*\" all dyld \".*Foundation.*\" all dyld \".*libSystem.*\" all dyld \".*AppKit.*\" all dyld \".*PBGDBIntrospectionSupport.*\" all dyld \".*/usr/lib/dyld.*\" all dyld \".*CarbonDataFormatters.*\" all dyld \".*libauto.*\" all dyld \".*CFDataFormatters.*\" all dyld \"/System/Library/Frameworks\\\\\\\\|/System/Library/PrivateFrameworks\\\\\\\\|/usr/lib\" extern dyld \".*\" all exec \".*\" all\n\
@ -44,9 +45,11 @@ int AMDeviceSecureInstallApplication(int zero, AMDeviceRef device, CFURLRef url,
int AMDeviceMountImage(AMDeviceRef device, CFStringRef image, CFDictionaryRef options, void *callback, int cbarg);
int AMDeviceLookupApplications(AMDeviceRef device, int zero, CFDictionaryRef* result);
bool found_device = false, debug = false;
bool found_device = false, debug = false, verbose = false;
char *app_path = NULL;
char *device_id = NULL;
char *args = NULL;
int timeout = 0;
CFStringRef last_path = NULL;
service_conn_t gdbfd;
@ -66,23 +69,83 @@ Boolean path_exists(CFTypeRef path) {
CFStringRef copy_device_support_path(AMDeviceRef device) {
CFStringRef version = AMDeviceCopyValue(device, 0, CFSTR("ProductVersion"));
CFStringRef build = AMDeviceCopyValue(device, 0, CFSTR("BuildVersion"));
CFStringRef path_with_build = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@ (%@)"), version, build);
CFStringRef path_without_build = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@"), version);
const char* home = getenv("HOME");
CFStringRef path;
bool found = false;
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s/Library/Developer/Xcode/iOS DeviceSupport/%@ (%@)"), home, version, build);
found = path_exists(path);
if (!found)
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@ (%@)"), version, build);
found = path_exists(path);
if (!found)
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s/Library/Developer/Xcode/iOS DeviceSupport/%@"), home, version);
found = path_exists(path);
if (!found)
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@"), version);
found = path_exists(path);
// they tack the build number on for beta builds
// there is almost certainly a better way of doing this
if (path_exists(path_with_build)) {
return path_with_build;
} else if (path_exists(path_without_build)) {
return path_without_build;
} else {
if (!found)
printf("[ !! ] Unable to locate DeviceSupport directory.\n");
return path;
CFStringRef copy_developer_disk_image_path(AMDeviceRef device) {
CFStringRef version = AMDeviceCopyValue(device, 0, CFSTR("ProductVersion"));
CFStringRef build = AMDeviceCopyValue(device, 0, CFSTR("BuildVersion"));
const char *home = getenv("HOME");
CFStringRef path;
bool found = false;
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s/Library/Developer/Xcode/iOS DeviceSupport/%@ (%@)/DeveloperDiskImage.dmg"), home, version, build);
found = path_exists(path);
if (!found) {
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@ (%@/DeveloperDiskImage.dmg)"), version, build);
found = path_exists(path);
if (!found) {
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s/Library/Developer/Xcode/iOS DeviceSupport/@%/DeveloperDiskImage.dmg"), home, version);
found = path_exists(path);
if (!found) {
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/@%/DeveloperDiskImage.dmg"), version);
found = path_exists(path);
if (!found) {
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s/Library/Developer/Xcode/iOS DeviceSupport/Latest/DeveloperDiskImage.dmg"), home);
found = path_exists(path);
if (!found) {
path = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/Latest/DeveloperDiskImage.dmg"));
found = path_exists(path);
if (!found) {
printf("[ !! ] Unable to locate DeviceSupport directory containing DeveloperDiskImage.dmg.\n");
return path;
void mount_callback(CFDictionaryRef dict, int arg) {
@ -99,10 +162,19 @@ void mount_callback(CFDictionaryRef dict, int arg) {
void mount_developer_image(AMDeviceRef device) {
CFStringRef ds_path = copy_device_support_path(device);
CFStringRef image_path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@/DeveloperDiskImage.dmg"), ds_path);
CFStringRef sig_path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@/DeveloperDiskImage.dmg.signature"), ds_path);
CFStringRef image_path = copy_developer_disk_image_path(device);
CFStringRef sig_path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@.signature"), image_path);
if (verbose) {
printf("Device support path: ");
printf("Developer disk image: ");
FILE* sig = fopen(CFStringGetCStringPtr(sig_path, kCFStringEncodingMacRoman), "rb");
void *sig_buf = malloc(128);
assert(fread(sig_buf, 1, 128, sig) == 128);
@ -116,8 +188,10 @@ void mount_developer_image(AMDeviceRef device) {
int result = AMDeviceMountImage(device, image_path, options, &mount_callback, 0);
if (result == 0 || result == 0xe8000076 /* already mounted */) {
if (result == 0) {
printf("[ 95%%] Developer disk image mounted successfully\n");
} else if (result == 0xe8000076 /* already mounted */) {
printf("[ 95%%] Developer disk image already mounted\n");
} else {
printf("[ !! ] Unable to mount developer disk image. (%x)\n", result);
@ -225,20 +299,35 @@ void write_gdb_prep_cmds(AMDeviceRef device, CFURLRef disk_app_url) {
CFStringRef ds_path = copy_device_support_path(device);
CFStringFindAndReplace(cmds, CFSTR("{ds_path}"), ds_path, range, 0);
range.length = CFStringGetLength(cmds);
if (args) {
CFStringRef cf_args = CFStringCreateWithCString(NULL, args, kCFStringEncodingASCII);
CFStringFindAndReplace(cmds, CFSTR("{args}"), cf_args, range, 0);
} else {
CFStringFindAndReplace(cmds, CFSTR(" {args}"), CFSTR(""), range, 0);
range.length = CFStringGetLength(cmds);
CFStringRef bundle_identifier = copy_disk_app_identifier(disk_app_url);
CFURLRef device_app_url = copy_device_app_url(device, bundle_identifier);
CFStringRef device_app_path = CFURLCopyFileSystemPath(device_app_url, kCFURLPOSIXPathStyle);
CFStringFindAndReplace(cmds, CFSTR("{device_app}"), device_app_path, range, 0);
range.length = CFStringGetLength(cmds);
CFStringRef disk_app_path = CFURLCopyFileSystemPath(disk_app_url, kCFURLPOSIXPathStyle);
CFStringFindAndReplace(cmds, CFSTR("{disk_app}"), disk_app_path, range, 0);
range.length = CFStringGetLength(cmds);
CFURLRef device_container_url = CFURLCreateCopyDeletingLastPathComponent(NULL, device_app_url);
CFStringRef device_container_path = CFURLCopyFileSystemPath(device_container_url, kCFURLPOSIXPathStyle);
CFMutableStringRef dcp_noprivate = CFStringCreateMutableCopy(NULL, 0, device_container_path);
range.length = CFStringGetLength(dcp_noprivate);
CFStringFindAndReplace(dcp_noprivate, CFSTR("/private/var/"), CFSTR("/var/"), range, 0);
range.length = CFStringGetLength(cmds);
CFStringFindAndReplace(cmds, CFSTR("{device_container}"), dcp_noprivate, range, 0);
range.length = CFStringGetLength(cmds);
CFURLRef disk_container_url = CFURLCreateCopyDeletingLastPathComponent(NULL, disk_app_url);
CFStringRef disk_container_path = CFURLCopyFileSystemPath(disk_container_url, kCFURLPOSIXPathStyle);
@ -275,6 +364,7 @@ void start_remote_debug_server(AMDeviceRef device) {
memset(&address, 0, sizeof(address));
address.sun_family = AF_UNIX;
strcpy(address.sun_path, FDVENDOR_PATH);
address.sun_len = SUN_LEN(&address);
CFDataRef address_data = CFDataCreate(NULL, (const UInt8 *)&address, sizeof(address));
@ -284,6 +374,11 @@ void start_remote_debug_server(AMDeviceRef device) {
CFRunLoopAddSource(CFRunLoopGetMain(), CFSocketCreateRunLoopSource(NULL, fdvendor, 0), kCFRunLoopCommonModes);
void gdb_ready_handler(int signum)
void handle_device(AMDeviceRef device) {
if (found_device) return; // handle one device only
@ -312,30 +407,52 @@ void handle_device(AMDeviceRef device) {
CFURLRef relative_url = CFURLCreateWithFileSystemPath(NULL, path, kCFURLPOSIXPathStyle, false);
CFURLRef url = CFURLCopyAbsoluteURL(relative_url);
int afcFd;
assert(AMDeviceStartService(device, CFSTR("com.apple.afc"), &afcFd, NULL) == 0);
assert(AMDeviceStopSession(device) == 0);
assert(AMDeviceDisconnect(device) == 0);
assert(AMDeviceTransferApplication(afcFd, path, NULL, transfer_callback, NULL) == 0);
CFStringRef keys[] = { CFSTR("PackageType") };
CFStringRef values[] = { CFSTR("Developer") };
CFDictionaryRef options = CFDictionaryCreate(NULL, (const void **)&keys, (const void **)&values, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
mach_error_t transfer_error = AMDeviceSecureTransferPath(0, device, url, options, &transfer_callback, 0);
if (transfer_error) {
printf("[ !! ] Unable to transfer package to device. (%x)\n", transfer_error);
assert(AMDeviceValidatePairing(device) == 0);
assert(AMDeviceStartSession(device) == 0);
int installFd;
assert(AMDeviceStartService(device, CFSTR("com.apple.mobile.installation_proxy"), &installFd, NULL) == 0);
assert(AMDeviceStopSession(device) == 0);
assert(AMDeviceDisconnect(device) == 0);
mach_error_t result = AMDeviceInstallApplication(installFd, path, options, install_callback, NULL);
if (result != 0)
printf("AMDeviceInstallApplication failed: %d\n", result);
mach_error_t install_error = AMDeviceSecureInstallApplication(0, device, url, options, &install_callback, 0);
if (install_error) {
printf("[ !! ] Unable to install package. (%x)\n", install_error);
printf("[100%%] Installed package %s\n", app_path);
if (!debug) exit(0); // no debug phase
assert(AMDeviceValidatePairing(device) == 0);
assert(AMDeviceStartSession(device) == 0);
printf("------ Debug phase ------\n");
mount_developer_image(device); // put debugserver on the device
@ -347,11 +464,13 @@ void handle_device(AMDeviceRef device) {
printf("[100%%] Connecting to remote debug server\n");
signal(SIGHUP, gdb_ready_handler);
pid_t parent = getpid();
int pid = fork();
if (pid == 0) {
system(GDB_SHELL); // launch gdb
kill(parent, SIGTERM); // "No. I am your father."
kill(parent, SIGHUP); // "No. I am your father."
@ -365,33 +484,76 @@ void device_callback(struct am_device_notification_callback_info *info, void *ar
int main(int argc, char *argv[]) {
if (argc < 2 || argc > 4) {
printf("usage: %s [-d] <app> [device_id]\n", argv[0]);
void timeout_callback(CFRunLoopTimerRef timer, void *info) {
if (!found_device) {
printf("Timed out waiting for device.\n");
if (strcmp(argv[1], "-d") == 0) {
assert(argc == 3 || argc == 4);
debug = true;
app_path = argv[2];
if (argc == 4) {
device_id = argv[3];
void usage(const char* app) {
printf("usage: %s [-d/--debug] [-i/--id device_id] -b/--bundle bundle.app [-a/--args arguments] [-t/--timeout timeout(seconds)]\n", app);
int main(int argc, char *argv[]) {
static struct option longopts[] = {
{ "debug", no_argument, NULL, 'd' },
{ "id", required_argument, NULL, 'i' },
{ "bundle", required_argument, NULL, 'b' },
{ "args", required_argument, NULL, 'a' },
{ "verbose", no_argument, NULL, 'v' },
{ "timeout", required_argument, NULL, 't' },
{ NULL, 0, NULL, 0 },
char ch;
while ((ch = getopt_long(argc, argv, "dvi:b:a:t:", longopts, NULL)) != -1)
switch (ch) {
case 'd':
debug = 1;
case 'i':
device_id = optarg;
case 'b':
app_path = optarg;
case 'a':
args = optarg;
case 'v':
verbose = 1;
case 't':
timeout = atoi(optarg);
return 1;
if (!app_path) {
printf("------ Install phase ------\n");
} else {
assert(argc == 2 || argc == 3);
app_path = argv[1];
if (argc == 3) {
device_id = argv[2];
assert(access(app_path, F_OK) == 0);
AMDSetLogLevel(5); // otherwise syslog gets flooded with crap
if (timeout > 0)
CFRunLoopTimerRef timer = CFRunLoopTimerCreate(NULL, CFAbsoluteTimeGetCurrent() + timeout, 0, 0, 0, timeout_callback, NULL);
CFRunLoopAddTimer(CFRunLoopGetCurrent(), timer, kCFRunLoopCommonModes);
printf("[....] Waiting up to %d seconds for iOS device to be connected\n", timeout);
printf("[....] Waiting for iOS device to be connected\n");
struct am_device_notification *notify;
AMDeviceNotificationSubscribe(&device_callback, 0, 0, NULL, &notify);
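Review bot: In the write_gdb_prep_cmds hunk, the `--args` value is substituted verbatim into the `run {args}` line of the generated gdb command script, so a newline or carriage return in it ends the `run` line and the rest is read by gdb as further commands. This matters when fruitstrap is driven by a wrapper or CI job that forwards values it does not control. The same lines also pass the result of `CFStringCreateWithCString(NULL, args, kCFStringEncodingASCII)` straight to `CFStringFindAndReplace`; that call returns NULL for bytes that are not valid ASCII, and `cf_args` is not released in the visible lines. I would validate before substituting, for example `if (cf_args == NULL || strpbrk(args, "\r\n") != NULL) { printf("[ !! ] Invalid --args value.\n"); exit(1); }`, and add `CFRelease(cf_args);` after the replace. The body of write_gdb_prep_cmds starts and ends outside the hunk, so any later handling of `cmds` is not visible here.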