diff --git a/hmp-commands.hx b/hmp-commands.hx
index 673e39a6979..cd8480580a6 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -47,7 +47,35 @@ ERST
         .cmd        = hmp_quit,
         .flags      = "p",
     },
+	
+SRST
+``w``
+  Write to virtual memory.
+ERST
 
+    {
+        .name       = "w",
+        .args_type  = "addr:l,size:i,data:i",
+        .params     = "addr size data",
+        .help       = "write to virtual memory",
+        .cmd        = hmp_write,
+        .flags      = "p",
+    },
+	
+SRST
+``wp``
+  Write to physical memory.
+ERST
+
+    {
+        .name       = "wp",
+        .args_type  = "addr:l,size:i,data:i",
+        .params     = "addr size data",
+        .help       = "write to physical memory",
+        .cmd        = hmp_write_physical,
+        .flags      = "p",
+    },
+	
 SRST
 ``quit`` or ``q``
   Quit the emulator.
diff --git a/include/exec/memory.h b/include/exec/memory.h
index ddb9b9e10b7..a520ef6875c 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -2721,6 +2721,8 @@ int64_t address_space_cache_init(MemoryRegionCache *cache,
                                  hwaddr len,
                                  bool is_write);
 
+void ram_write(hwaddr addr, void *ptr, hwaddr len, int is_physcial);
+
 /**
  * address_space_cache_invalidate: complete a write to a #MemoryRegionCache
  *
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index dfbc0c9a2fa..2b358b5a0ac 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -20,6 +20,8 @@
 
 bool hmp_handle_error(Monitor *mon, Error *err);
 
+void hmp_write(Monitor *mon, const QDict *qdict);
+void hmp_write_physical(Monitor *mon, const QDict *qdict);
 void hmp_info_name(Monitor *mon, const QDict *qdict);
 void hmp_info_version(Monitor *mon, const QDict *qdict);
 void hmp_info_kvm(Monitor *mon, const QDict *qdict);
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 01b789a79e6..8e6b6164260 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -14,20 +14,18 @@
  */
 
 #include "qemu/osdep.h"
-#include "monitor/hmp.h"
-#include "net/net.h"
-#include "net/eth.h"
 #include "chardev/char.h"
-#include "sysemu/block-backend.h"
-#include "sysemu/runstate.h"
-#include "qemu/config-file.h"
-#include "qemu/option.h"
-#include "qemu/timer.h"
-#include "qemu/sockets.h"
-#include "qemu/help_option.h"
+#include "exec/memory.h"
+#include "hw/core/cpu.h"
+#include "hw/intc/intc.h"
+#include "migration/misc.h"
+#include "migration/snapshot.h"
+#include "monitor/hmp.h"
 #include "monitor/monitor-internal.h"
-#include "qapi/error.h"
+#include "net/eth.h"
+#include "net/net.h"
 #include "qapi/clone-visitor.h"
+#include "qapi/error.h"
 #include "qapi/opts-visitor.h"
 #include "qapi/qapi-builtin-visit.h"
 #include "qapi/qapi-commands-block.h"
@@ -44,21 +42,24 @@
 #include "qapi/qapi-commands-tpm.h"
 #include "qapi/qapi-commands-ui.h"
 #include "qapi/qapi-commands-virtio.h"
-#include "qapi/qapi-visit-virtio.h"
-#include "qapi/qapi-visit-net.h"
 #include "qapi/qapi-visit-migration.h"
+#include "qapi/qapi-visit-net.h"
+#include "qapi/qapi-visit-virtio.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/string-input-visitor.h"
 #include "qapi/string-output-visitor.h"
-#include "qom/object_interfaces.h"
-#include "ui/console.h"
+#include "qemu/config-file.h"
 #include "qemu/cutils.h"
 #include "qemu/error-report.h"
-#include "hw/core/cpu.h"
-#include "hw/intc/intc.h"
-#include "migration/snapshot.h"
-#include "migration/misc.h"
+#include "qemu/help_option.h"
+#include "qemu/option.h"
+#include "qemu/sockets.h"
+#include "qemu/timer.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/runstate.h"
+#include "ui/console.h"
 
 #ifdef CONFIG_SPICE
 #include <spice/enums.h>
@@ -123,6 +124,22 @@ void hmp_info_version(Monitor *mon, const QDict *qdict)
     qapi_free_VersionInfo(info);
 }
 
+void hmp_write(Monitor *mon, const QDict *qdict)
+{
+    uint32_t addr = qdict_get_int(qdict, "addr");
+    int data = qdict_get_int(qdict, "data");
+    int size = qdict_get_int(qdict, "size");
+    ram_write(addr, &data, size, 0);
+}
+
+void hmp_write_physical(Monitor *mon, const QDict *qdict)
+{
+    uint32_t addr = qdict_get_int(qdict, "addr");
+    int data = qdict_get_int(qdict, "data");
+    int size = qdict_get_int(qdict, "size");
+    ram_write(addr, &data, size, 1);
+}
+
 void hmp_info_kvm(Monitor *mon, const QDict *qdict)
 {
     KvmInfo *info;
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 7eefde99147..4159f076fe6 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -25,15 +25,16 @@
 #include "qom/object.h"
 #include "trace.h"
 
+#include "exec/address-spaces.h"
 #include "exec/memory-internal.h"
 #include "exec/ram_addr.h"
+#include "hw/boards.h"
+#include "hw/core/cpu.h"
+#include "migration/vmstate.h"
+#include "qemu/accel.h"
 #include "sysemu/kvm.h"
 #include "sysemu/runstate.h"
 #include "sysemu/tcg.h"
-#include "qemu/accel.h"
-#include "hw/boards.h"
-#include "migration/vmstate.h"
-#include "exec/address-spaces.h"
 
 //#define DEBUG_UNASSIGNED
 
@@ -3595,6 +3596,28 @@ void mtree_info(bool flatview, bool dispatch_tree, bool owner, bool disabled)
     }
 }
 
+
+void ram_write(hwaddr addr, void *ptr, hwaddr len, int is_physical)
+{
+    MemoryRegion *sm = get_system_memory();
+    MemoryRegion *mr;
+    uint8_t *buf = ptr;
+    CPUState *cs = qemu_get_cpu(0);
+    if (is_physical) {
+        QTAILQ_FOREACH (mr, &sm->subregions, subregions_link) {
+            if (strcmp(memory_region_name(mr), "xbox.ram") == 0) {
+                uint8_t *ram_ptr = qemu_map_ram_ptr(mr->ram_block, addr);
+                memcpy(ram_ptr, buf, len);
+                break;
+            }
+        }
+    } else {
+        if (cpu_memory_rw_debug(cs, addr, buf, len, 1) < 0) {
+            qemu_printf("Cannot access memory\n");
+        }
+    }
+}
+
 void memory_region_init_ram(MemoryRegion *mr,
                             Object *owner,
                             const char *name,