diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index a32319df3e..50e342a3e3 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -8,7 +8,7 @@ use which::which;
 const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-const QEMU_REVISION: &str = "f1e48d694ca31045169853ca65b1a5a95e8746e9";
+const QEMU_REVISION: &str = "e99b9da6585504a8333f2846a61de487f94d3476";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
diff --git a/libafl_qemu/libafl_qemu_sys/src/x86_64_stub_bindings.rs b/libafl_qemu/libafl_qemu_sys/src/x86_64_stub_bindings.rs
index 51e20864d5..89f96fe304 100644
--- a/libafl_qemu/libafl_qemu_sys/src/x86_64_stub_bindings.rs
+++ b/libafl_qemu/libafl_qemu_sys/src/x86_64_stub_bindings.rs
@@ -1,4 +1,4 @@
-/* automatically generated by rust-bindgen 0.68.1 */
+/* automatically generated by rust-bindgen 0.69.4 */
 #[repr(C)]
 #[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
@@ -90,11 +90,11 @@ impl __IncompleteArrayField {
 }
 #[inline]
 pub fn as_ptr(&self) -> *const T {
- core::ptr::from_ref(self) as *const T
+ self as *const _ as *const T
 }
 #[inline]
 pub fn as_mut_ptr(&mut self) -> *mut T {
- core::ptr::from_mut(self) as *mut T
+ self as *mut _ as *mut T
 }
 #[inline]
 pub unsafe fn as_slice(&self, len: usize) -> &[T] {
@@ -13445,7 +13445,9 @@ extern "C" {
 }
 extern "C" {
 pub fn libafl_add_backdoor_hook(
- exec: ::std::option::Option,
+ exec: ::std::option::Option< extern "C" fn(data: u64, cpu: *mut CPUArchState, pc: target_ulong), >,
 data: u64,
 ) -> usize;
 }
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index a58c990cca..7a0a5bacc8 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -23,7 +23,7 @@ use libafl_qemu_sys::{
 libafl_qemu_cpu_index, libafl_qemu_current_cpu, libafl_qemu_gdb_reply, libafl_qemu_get_cpu, libafl_qemu_num_cpus, libafl_qemu_num_regs, libafl_qemu_read_reg, libafl_qemu_remove_breakpoint, libafl_qemu_set_breakpoint, libafl_qemu_trigger_breakpoint,
- libafl_qemu_write_reg, CPUStatePtr, FatPtr, GuestUsize,
+ libafl_qemu_write_reg, CPUArchStatePtr, CPUStatePtr, FatPtr, GuestUsize,
 };
 pub use libafl_qemu_sys::{GuestAddr, GuestPhysAddr, GuestVirtAddr};
 #[cfg(emulation_mode = "usermode")]
@@ -1254,11 +1254,11 @@ impl Qemu {
 pub fn add_backdoor_hook>(
 &self,
 data: T,
- callback: extern "C" fn(T, GuestAddr),
+ callback: extern "C" fn(T, CPUArchStatePtr, GuestAddr),
 ) -> BackdoorHookId {
 unsafe {
 let data: u64 = data.into().0;
- let callback: extern "C" fn(u64, GuestAddr) = transmute(callback);
+ let callback: extern "C" fn(u64, CPUArchStatePtr, GuestAddr) = transmute(callback);
 let num = libafl_qemu_sys::libafl_add_backdoor_hook(Some(callback), data);
 BackdoorHookId(num)
 }
@@ -1696,7 +1696,7 @@ where
 pub fn add_backdoor_hook>(
 &self,
 data: T,
- callback: extern "C" fn(T, GuestAddr),
+ callback: extern "C" fn(T, CPUArchStatePtr, GuestAddr),
 ) -> BackdoorHookId {
 self.qemu.add_backdoor_hook(data, callback)
 }
diff --git a/libafl_qemu/src/hooks.rs b/libafl_qemu/src/hooks.rs
index b58aeaec7a..9b7e336dd7 100644
--- a/libafl_qemu/src/hooks.rs
+++ b/libafl_qemu/src/hooks.rs
@@ -17,7 +17,7 @@ use libafl::{
 inputs::UsesInput,
 state::NopState,
 };
-use libafl_qemu_sys::{FatPtr, GuestAddr, GuestUsize};
+use libafl_qemu_sys::{CPUArchStatePtr, FatPtr, GuestAddr, GuestUsize};
 pub use crate::emu::SyscallHookResult;
 use crate::{
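Review bot: The `transmute(callback)` in `Qemu::add_backdoor_hook` (hunk `-1254,11`) now also relies on `CPUArchStatePtr` and `GuestAddr` being ABI-identical to the `*mut CPUArchState` and `target_ulong` that the `libafl_add_backdoor_hook` binding declares, on top of the pre-existing assumption that `T` is laid out like `u64`, and the `unsafe` block states none of this. A `// SAFETY:` comment on the transmute line naming those two layout requirements, hedged as presumably guaranteed by the `Into` bound on `T` until confirmed, would make the cast reviewable. The public method also hands every caller-supplied hook a raw pointer without a `///` line saying what `cpu` points to and how long it stays valid; it is presumably only valid for the duration of the callback, but nothing in the diff shows that. The delegating wrapper at hunk `-1696,7` has the same undocumented signature and needs no separate note. The method's closing brace lies outside the hunk.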
@@ -255,7 +255,7 @@ macro_rules! create_exec_wrapper {
 static mut GENERIC_HOOKS: Vec>> = vec![];
 create_wrapper!(generic, (pc: GuestAddr));
 static mut BACKDOOR_HOOKS: Vec>> = vec![];
-create_wrapper!(backdoor, (pc: GuestAddr));
+create_wrapper!(backdoor, (cpu: CPUArchStatePtr, pc: GuestAddr));
 #[cfg(emulation_mode = "usermode")]
 static mut PRE_SYSCALL_HOOKS: Vec>> = vec![];
@@ -987,9 +987,9 @@ where
 pub fn backdoor(
 &self,
 hook: Hook<
- fn(&mut Self, Option<&mut S>, GuestAddr),
+ fn(&mut Self, Option<&mut S>, cpu: CPUArchStatePtr, GuestAddr),
 Box FnMut(&'a mut Self, Option<&'a mut S>, GuestAddr)>,
- extern "C" fn(*const (), pc: GuestAddr),
+ extern "C" fn(*const (), cpu: CPUArchStatePtr, pc: GuestAddr),
 >,
 ) -> BackdoorHookId {
 match hook {
@@ -1005,7 +1005,7 @@ where
 pub fn backdoor_function(
 &self,
- hook: fn(&mut Self, Option<&mut S>, pc: GuestAddr),
+ hook: fn(&mut Self, Option<&mut S>, cpu: CPUArchStatePtr, pc: GuestAddr),
 ) -> BackdoorHookId {
 unsafe {
 self.qemu
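Review bot: In `backdoor` (hunk `-987,9`) the boxed closure variant keeps the signature `FnMut(&'a mut Self, Option<&'a mut S>, GuestAddr)` on an unchanged context line while the function and raw `extern "C"` variants gain `cpu: CPUArchStatePtr`, so closure hooks registered through this API cannot see the CPU state the other two variants now receive. If that asymmetry is not intended, the closure type should become `FnMut(&'a mut Self, Option<&'a mut S>, CPUArchStatePtr, GuestAddr)` and the closure arm of `match hook`, which continues outside the hunk, would have to forward `cpu`; if it is intended, a `///` line on `backdoor` should say that closure hooks do not receive the CPU state. The `create_wrapper!(backdoor, (cpu: CPUArchStatePtr, pc: GuestAddr))` line at hunk `-255,7` silently fixes the argument order that the generated wrapper must share with the `libafl_add_backdoor_hook` binding in `libafl_qemu_sys`; a short comment there, e.g. `// argument order must match libafl_add_backdoor_hook in libafl_qemu_sys`, would keep that coupling visible. The `backdoor` function body runs past the end of its hunk.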