Diffstat (limited to 'examples')
-rw-r--r--examples/afl_frida/README.md10
-rw-r--r--examples/afl_frida/afl-frida.c8
2 files changed, 11 insertions, 7 deletions
diff --git a/examples/afl_frida/README.md b/examples/afl_frida/README.md
index 93e8f35a..33bd67c8 100644
--- a/examples/afl_frida/README.md
+++ b/examples/afl_frida/README.md
@@ -24,14 +24,10 @@ afl-fuzz -i in -o out -- ./afl-frida
```
(or even remote via afl-network-proxy).
-### Testing and debugging
+# Speed and stability
-For testing/debugging you can try:
-```
-make DEBUG=1
-AFL_DEBUG=1 gdb ./afl-frida
-```
-and then you can easily set breakpoints to "breakpoint" and "fuzz".
+The speed is very good, about x12 of fork() qemu_mode.
+However the stability is low. Reason is currently unknown.
# Background
diff --git a/examples/afl_frida/afl-frida.c b/examples/afl_frida/afl-frida.c
index c24e05b7..ff10ffb7 100644
--- a/examples/afl_frida/afl-frida.c
+++ b/examples/afl_frida/afl-frida.c
@@ -39,6 +39,7 @@
#ifndef __APPLE__
#include <sys/wait.h>
+ #include <sys/personality.h>
#endif
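Review bot: `#include <sys/personality.h>` is a Linux-only header, but the enclosing guard is `#ifndef __APPLE__`, so the example now fails to compile on any other non-Linux platform (the BSDs, for instance); the same guard wraps the `personality()` call in the main() hunk below. If the intent is "Linux only", `#ifdef __linux__` says exactly that and excludes nothing else, while the existing `<sys/wait.h>` include can keep its own guard. Whether this example is expected to build anywhere besides Linux and macOS is not visible here, so confirm before changing the guard.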
@@ -216,6 +217,10 @@ static int enumerate_ranges(const GumRangeDetails *details,
int main() {
+#ifndef __APPLE__
+ (void)personality(ADDR_NO_RANDOMIZE); // disable ASLR
+#endif
+
// STEP 2: load the library you want to fuzz and lookup the functions,
// inclusive of the cleanup functions.
// If there is just one function, then there is nothing to change
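Review bot: `(void)personality(ADDR_NO_RANDOMIZE); // disable ASLR` does not disable ASLR for this process: the ADDR_NO_RANDOMIZE persona flag is consulted when an image is loaded by execve(), so the harness's own stack, brk and mmap base are already randomized and only processes it exec()s afterwards would be affected. The usual pattern (what `setarch -R` does) is to query the current persona, set the flag if it is missing and re-exec the same binary once, which needs `argv`, so the `int main() {` context line would become `int main(int argc, char **argv) {`. Discarding the return value also hides the case where personality() is refused, which under the re-exec pattern is the difference between a fixed layout and a silently randomized one, and the comment should state the re-exec requirement rather than "disable ASLR". execv() needs `<unistd.h>`, which this hunk does not show, so confirm it is already included. main() continues outside the hunk.
```c
int main(int argc, char **argv) {
#ifndef __APPLE__
  // ADDR_NO_RANDOMIZE takes effect at execve(), not on the running image:
  // set the persona and re-exec once so this process is laid out without ASLR.
  int persona = personality(0xffffffff);
  if (persona != -1 && !(persona & ADDR_NO_RANDOMIZE)) {
    if (personality(persona | ADDR_NO_RANDOMIZE) != -1) {
      execv("/proc/self/exe", argv);
    }
    // if either call fails we continue with ASLR enabled rather than abort
  }
#endif

  // … unchanged: STEP 2 library loading and the rest of main …
```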
@@ -264,6 +269,9 @@ int main() {
GumEventSink *event_sink = gum_fake_event_sink_new();
+ // to ensure that the signatures are not optimized out
+ memcpy(__afl_area_ptr, (void*)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);
+ memcpy(__afl_area_ptr + 32, (void*)AFL_DEFER_FORKSVR, sizeof(AFL_DEFER_FORKSVR) + 1);
__afl_manual_init();
//