Diffstat (limited to 'instrumentation/README.persistent_mode.md')
-rw-r--r-- | instrumentation/README.persistent_mode.md | 45 |
1 files changed, 13 insertions, 32 deletions
diff --git a/instrumentation/README.persistent_mode.md b/instrumentation/README.persistent_mode.md index e095f036..2cf76adf 100644 --- a/instrumentation/README.persistent_mode.md +++ b/instrumentation/README.persistent_mode.md @@ -11,7 +11,7 @@ and that its state can be resetted so that multiple calls can be performed without resource leaks and former runs having no impact on following runs (this can be seen by the `stability` indicator in the `afl-fuzz` UI). -Examples can be found in [examples/persistent_mode](../examples/persistent_mode). +Examples can be found in [utils/persistent_mode](../utils/persistent_mode). ## 2) TLDR; @@ -23,15 +23,20 @@ __AFL_FUZZ_INIT(); main() { + // anything else here, eg. command line arguments, initialization, etc. + #ifdef __AFL_HAVE_MANUAL_CONTROL __AFL_INIT(); #endif unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; // must be after __AFL_INIT + // and before __AFL_LOOP! while (__AFL_LOOP(10000)) { - int len = __AFL_FUZZ_TESTCASE_LEN; + int len = __AFL_FUZZ_TESTCASE_LEN; // don't use the macro directly in a + // call! + if (len < 8) continue; // check for a required/useful minimum input length /* Setup function call, e.g. struct target *tmp = libtarget_init() */ 
@@ -110,37 +115,13 @@ With the location selected, add this code in the appropriate spot: ``` You don't need the #ifdef guards, but including them ensures that the program -will keep working normally when compiled with a tool other than afl-clang-fast. - -Finally, recompile the program with afl-clang-fast/lto (afl-gcc or afl-clang will -*not* generate a deferred-initialization binary) - and you should be all set! +will keep working normally when compiled with a tool other than afl-clang-fast/ +afl-clang-lto/afl-gcc-fast. -*NOTE:* In the code between `main` and `__AFL_INIT()` should not be any code -run that is instrumented - otherwise a crash might occure. -In case this is useful (e.g. for expensive one time initialization) you can -try to do the following: +Finally, recompile the program with afl-clang-fast/afl-clang-lto/afl-gcc-fast +(afl-gcc or afl-clang will *not* generate a deferred-initialization binary) - +and you should be all set! -Add after the includes: -``` -extern unsigned char *__afl_area_ptr; -#define MAX_DUMMY_SIZE 256000 - -__attribute__((constructor(1))) void __afl_protect(void) { -#ifdef MAP_FIXED_NOREPLACE - __afl_area_ptr = (unsigned char*) mmap((void *)0x10000, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_FIXED_NOREPLACE | MAP_SHARED | MAP_ANONYMOUS, -1, 0); - if ((uint64_t)__afl_area_ptr == -1) -#endif - __afl_area_ptr = (unsigned char*) mmap((void *)0x10000, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); - if ((uint64_t)__afl_area_ptr == -1) - __afl_area_ptr = (unsigned char*) mmap(NULL, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); -} - -``` -and just before `__AFL_INIT()`: -``` - munmap(__afl_area_ptr, MAX_DUMMY_SIZE); - __afl_area_ptr = NULL; -``` ## 4) Persistent mode 
@@ -169,7 +150,7 @@ the impact of memory leaks and similar glitches; 1000 is a good starting point, and going much higher increases the likelihood of hiccups without giving you any real performance benefits. -A more detailed template is shown in ../examples/persistent_demo/. +A more detailed template is shown in ../utils/persistent_mode/. Similarly to the previous mode, the feature works only with afl-clang-fast; #ifdef guards can be used to suppress it when using other compilers. |
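Review bot: the unchanged context line directly above the edited link in the first hunk, "its state can be resetted", carries a typo that should be fixed while this paragraph is being touched; the past participle is "reset". The link change itself is consistent with the ../utils/persistent_mode/ path written by the last hunk.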
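Review bot: in the TLDR hunk the added check `if (len < 8) continue;` hard-codes 8 with no explanation; the comment should state that the threshold is target-specific (whatever the harnessed function minimally needs to do useful work), otherwise readers will copy the literal as a recommendation. In the same hunk `// don't use the macro directly in a call!` on __AFL_FUZZ_TESTCASE_LEN states a rule without its reason; one sentence on why the length must be copied into a local before use would make the TLDR self-explanatory. Minor: "eg." should be "e.g.".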
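Review bot: the section 3 hunk deletes the NOTE that no instrumented code may run between `main` and `__AFL_INIT()` without saying whether that restriction still applies; if it no longer holds with the current runtime, say so in one sentence, and if it does, keep the warning and drop only the workaround. Dropping the workaround itself is fine: it tested the mmap result with `(uint64_t)__afl_area_ptr == -1` rather than MAP_FAILED and hard-coded the 0x10000 address, so it was fragile. Also, the new text "compiled with a tool other than afl-clang-fast/" breaks the compiler list at a slash with the remainder on the next line; keep "afl-clang-fast/afl-clang-lto/afl-gcc-fast" on one line so the rendered sentence does not end in a dangling separator.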
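Review bot: the last hunk updates the path to ../utils/persistent_mode/ but leaves the following context line, "the feature works only with afl-clang-fast", untouched, which now contradicts the compiler list this same commit writes in section 3 (afl-clang-fast/afl-clang-lto/afl-gcc-fast); update that sentence to the same list in this commit.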