-rw-r--r-- | nyx_mode/README.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nyx_mode/README.md b/nyx_mode/README.md index eee7d363..605bc103 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -313,6 +313,27 @@ command: If you want to disable fast snapshots (except for crashes), you can simply set the `NYX_DISABLE_SNAPSHOT_MODE` environment variable. +### Nyx crash reports + +If the Nyx agent detects a crash in the target application, it can pass +additional information on that crash to AFL++ (assuming that the agent +implements this feature). For each saved crashing input AFL++ will also create +an additional file in the `crashes` directory with a `.log` file extension. +Crash reports generated by the default agent shipped with the Nyx packer will +contain information such as the faulting address and signal number. +Additionally, if the target is compiled with AddressSanitizer, the crash report +will also contain the entire ASan report. + +From a technical perspective, the crash report is passed from QEMU-Nyx to AFL++ +via a shared memory region called Nyx Auxiliary Buffer which is by default 4096 +bytes in size. In this shared memory region a specific amount is reserved for +the header (1408 bytes) and the remaining bytes can be used to transfer crash +reports (also the `hprintf` feature utilizes the very same shared memory for +transferring data). By default a crash report will be truncated to 2688 bytes. +However, if you want to increase the size of the shared memory region, you can +set the `NYX_AUX_BUFFER_SIZE` environment variable to a higher value (keep in +mind that this value must be a multiple of 4096). + ### Run AFL++Nyx with a custom agent Most of the common use-cases for linux userland targets are already handled by |
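Review bot: the truncation paragraph in the "Nyx crash reports" hunk leaves the reader to work out the relationship between the three sizes, and it does not state the unit of `NYX_AUX_BUFFER_SIZE`. The 2688-byte limit is 4096 bytes minus the 1408-byte header, so it would help to say so explicitly and to state that raising `NYX_AUX_BUFFER_SIZE` (in bytes, a multiple of 4096) raises the maximum report size by the same amount, e.g. "By default a crash report will be truncated to 2688 bytes (4096 bytes minus the 1408-byte header); a larger buffer raises this limit accordingly." Since the paragraph also says `hprintf` output travels through the same region, a sentence on whether truncated reports are flagged in the `.log` file (or silently cut) would tell users how to recognise that they need a bigger buffer, especially for long ASan reports. Minor: "For each saved crashing input AFL++ will also create" wants a comma after "input".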