Merge branch 'dev' into docs_edit_readme_fix_links

1 files changed, 15 insertions, 4 deletions

diff --git a/README.md b/README.md
index 25e47ef2..9fe1da7e 100644
--- a/README.md
+++ b/README.md
@@ -70,13 +70,24 @@ When fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described i
 
 3. If the program reads from stdin, run `afl-fuzz` like so:
 
-        ./afl-fuzz -i testcase_dir -o findings_dir -- \
-          /path/to/tested/program [...program's cmdline...]
+```
+   ./afl-fuzz -i seeds_dir -o output_dir -- \
+     /path/to/tested/program [...program's cmdline...]
+```
+
+   To add a dictionary, add `-x /path/to/dictionary.txt` to afl-fuzz.
 
-   If the program takes input from a file, you can put `@@` in the program's command line; AFL will put an auto-generated file name in there for you.
+   If the program takes input from a file, you can put `@@` in the program's
+   command line; AFL will put an auto-generated file name in there for you.
 
 4. Investigate anything shown in red in the fuzzer UI by promptly consulting [docs/status_screen.md](docs/status_screen.md).
 
+5. You will find found crashes and hangs in the subdirectories `crashes/` and
+   `hangs/` in the `-o output_dir` directory. You can replay the crashes by
+   feeding them to the target, e.g.:
+   `cat output_dir/crashes/id:000000,* | /path/to/tested/program [...program's cmdline...]`
+   You can generate cores or use gdb directly to follow up the crashes.
+
 ## Contact
 
 Questions? Concerns? Bug reports?
@@ -179,4 +190,4 @@ If you use AFL++ in scientific work, consider citing [our paper](https://www.use
   }
   ```
 
-</details>
\ No newline at end of file
+</details>