diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 7e97bb6d45..cdfca247f8 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -129,6 +129,31 @@ void libafl_gen_jmp(target_ulong src, target_ulong dst)
 }
 }

+// Use an indirect jump target
+void libafl_gen_jmp_dynamic(target_ulong src, TCGv_i32 dst);
+void libafl_gen_jmp_dynamic(target_ulong src, TCGv_i32 dst)
+{
+ struct libafl_jmp_hook* hook = libafl_jmp_hooks;
+ while (hook) {
+ uint64_t cur_id = 0;
+ if (hook->gen)
+ cur_id = hook->gen(hook->data, src, 0); // target is not statically known, signal with 0
+ if (cur_id != (uint64_t)-1 && hook->exec) {
+ TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
+ TCGv_i64 tmp1 = tcg_constant_i64(src);
+ // TCGv_i32 tmp2 = dst;
+ TCGv_i64 tmp3 = tcg_constant_i64(cur_id);
+ TCGTemp *tmp4[4] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1), tcgv_i32_temp(dst), tcgv_i64_temp(tmp3) };
+ tcg_gen_callN(&hook->helper_info, NULL, tmp4);
+ tcg_temp_free_i64(tmp0);
+ tcg_temp_free_i64(tmp1);
+ //tcg_temp_free_i64(tmp2);
+ tcg_temp_free_i64(tmp3);
+ }
+ hook = hook->next;
+ }
+}
+
 //// --- End LibAFL code ---

 TBContext tb_ctx;
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 5da784362e..155d26c2f5 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -28,6 +28,7 @@
 #include "semihosting/semihost.h"
 #include "cpregs.h"
 #include "exec/helper-proto.h"
+#include 
 #define HELPER_H "helper.h"
 #include "exec/helper-info.c.inc"
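Review bot: The value 0 passed as the third argument of `hook->gen` in libafl_gen_jmp_dynamic is overloaded: it is meant to signal "target not statically known", but 0 can also be a legitimate static destination (address 0 is a valid vector/reset location on ARM), so a gen callback cannot distinguish the two cases and may apply the wrong id or filter. An explicit flag or a separate gen entry point for the dynamic case would be unambiguous; at minimum the sentinel should be documented where the hook type is declared, e.g. `// dst == 0 means the target is a runtime register value, not a static jump to address 0`. A second concern is that `hook->helper_info` is shared with libafl_gen_jmp (whose body starts above the hunk) while this call passes the 32-bit temp `dst` via `tcgv_i32_temp(dst)` as the third helper argument; if that helper_info declares the argument at 64-bit width, tcg_gen_callN will read the i32 temp as a 64-bit value (debug builds assert on the type mismatch), so either the registered helper signature must match this width or the dynamic path needs its own helper_info. The commented-out `tmp2` lines should be removed rather than left as dead code.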
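Review bot: The added `#include` line in target/arm/tcg/translate.c carries no header name as rendered in this diff, so it cannot be reviewed as-is. If it was `<stdio.h>` for the printf calls introduced later in this patch, those calls are all commented out, so the include is unused and should be dropped together with the dead debug lines before merging.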
@@ -751,11 +752,19 @@ void gen_update_pc(DisasContext *s, target_long diff)
 s->pc_save = s->pc_curr + diff;
 }

+//// --- Begin LibAFL code ---
+void libafl_gen_jmp(target_ulong src, target_ulong dst); // see translate-all.c
+void libafl_gen_jmp_dynamic(target_ulong src, TCGv_i32 dst);
+//// --- End LibAFL code ---
 /* Set PC and Thumb state from var. var is marked as dead. */
 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
 {
 s->base.is_jmp = DISAS_JUMP;
 tcg_gen_andi_i32(cpu_R[15], var, ~1);
+//// --- Begin LibAFL code ---
+// printf("gen_bx %x\n", s->pc_curr);
+libafl_gen_jmp_dynamic(s->pc_curr, cpu_R[15]);
+//// --- End LibAFL code ---
 tcg_gen_andi_i32(var, var, 1);
 store_cpu_field(var, thumb);
 s->pc_save = -1;
@@ -2596,9 +2605,6 @@ static void gen_jmp_tb(DisasContext *s, target_long diff, int tbno)
 }
 }

-//// --- Begin LibAFL code ---
-void libafl_gen_jmp(target_ulong src, target_ulong dst); // see translate-all.c
-//// --- End LibAFL code ---
 static inline void gen_jmp(DisasContext *s, target_long diff)
 {
 //// --- Begin LibAFL code ---
@@ -2896,6 +2902,11 @@ static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
 */
 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
 {
+//// --- Begin LibAFL code ---
+// Note: Test concluded that this never executes
+//printf("store_pc_exc_ret %x\n", s->pc_curr);
+//libafl_gen_jmp_dynamic(s->pc_curr, pc);
+//// --- End LibAFL code ---
 tcg_gen_mov_i32(cpu_R[15], pc);
 }
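Review bot: The hook call inserted into gen_bx is placed after `tcg_gen_andi_i32(cpu_R[15], var, ~1)` and before the Thumb bit is extracted, which is the right spot, but nothing says so; the ordering is load-bearing for anyone who later reorders the body, so replace the dead `// printf("gen_bx %x\n", s->pc_curr);` line with `// Report the indirect target after the Thumb bit has been masked out of cpu_R[15]`. The inserted statement is also at column 0 inside a 4-space-indented function body, which does not match the surrounding QEMU style even if the `//// --- Begin/End LibAFL code ---` markers are deliberately unindented. gen_bx is fully inside the hunk; the prototype block moved from the gen_jmp_tb hunk below is only a relocation and needs no separate note.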
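Review bot: The store_pc_exc_ret hunk adds only commented-out code, and the justification `// Note: Test concluded that this never executes` generalizes from a single workload; as its name suggests this appears to be the exception-return PC write path, which a typical test program may simply never exercise, so the conclusion is not safe to bake into the source. Consumers of the jump hooks (e.g. coverage tracking) would then miss these control transfers silently. Either enable the hook here the way gen_bx does, or delete the dead printf/hook lines and state the decision explicitly, e.g. `// Exception-return PC writes are intentionally not reported to the LibAFL jmp hooks`.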