Murphy as0ler

## gist:426a0a95d91eda2f92a85d5d99d0141f
function readStdString (str) {
  const isLong = (capU8) => { return (capU8 & 0x01) !== 1; }
  const cap0 = str.readU8();
  let data = null;
  let size = 0;
  if (isLong(cap0)) {
    data = str.readPointer().readUtf8String();
    size = str.add(Process.pointerSize).readU64();
  } else {
    size = str.add(23).readU8();

## thread_suspend.js
const thread_suspend = Module.getExportByName(null, "thread_suspend");
Interceptor.attach(thread_suspend, {
  onEnter(args) {
    console.log("DEBUG: thread_suspend CALLED" + Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n') + '\n');
    args[0] = NULL;
  },
  onLeave(retval) {
    retval.replace(NULL);
  }
});

## frida-disassemble.js
function disasm (from, end) {
  let cursor = from;
  while (cursor.compare(end) < 0) {
    try {
      const inst = Instruction.parse(cursor);
      console.log(cursor, inst);
    } catch (e) {
      console.log(cursor, cursor.readU32().toString(16), "invalid");
    }
    cursor = cursor.add(4);
	function readStdString (str) {
	const isLong = (capU8) => { return (capU8 & 0x01) !== 1; }
	const cap0 = str.readU8();
	let data = null;
	let size = 0;
	if (isLong(cap0)) {
	data = str.readPointer().readUtf8String();
	size = str.add(Process.pointerSize).readU64();
	} else {
	size = str.add(23).readU8();
	const thread_suspend = Module.getExportByName(null, "thread_suspend");
	Interceptor.attach(thread_suspend, {
	onEnter(args) {
	console.log("DEBUG: thread_suspend CALLED" + Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n') + '\n');
	args[0] = NULL;
	},
	onLeave(retval) {
	retval.replace(NULL);
	}
	});
	function disasm (from, end) {
	let cursor = from;
	while (cursor.compare(end) < 0) {
	try {
	const inst = Instruction.parse(cursor);
	console.log(cursor, inst);
	} catch (e) {
	console.log(cursor, cursor.readU32().toString(16), "invalid");
	}
	cursor = cursor.add(4);