From 11e5d5be6a57c23f6827eb15a4e2989de67134a6 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Mon, 3 Jan 2022 00:13:33 +0100
Subject: [PATCH] add physical memory access

---
 softmmu/main.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/softmmu/main.c b/softmmu/main.c
index 693fe36ba3..d259f5ef4c 100644
--- a/softmmu/main.c
+++ b/softmmu/main.c
@@ -49,6 +49,7 @@ int main(int argc, char **argv)
 #include "migration/snapshot.h"
 #include "hw/core/cpu.h"
 #include "qapi/error.h"
+#include "exec/memory.h"
 void libafl_qemu_main_loop( void );
 void libafl_qemu_sys_init(int argc, char **argv, char **envp);
 void libafl_qemu_cleanup( void );
@@ -58,6 +59,8 @@ void libafl_qemu_cleanup( void ) { qemu_cleanup(); }
 void libafl_qemu_set_breakpoint( vaddr );
 void libafl_snapshot_save( const char* );
 void libafl_snapshot_load( const char* );
+void libafl_phys_read(vaddr, uint8_t*, int);
+void libafl_phys_write(vaddr, uint8_t*, int);
 
 void libafl_qemu_main_loop( void )
 {
@@ -85,13 +88,27 @@ void libafl_snapshot_load( const char* name )
     load_snapshot(name, NULL, false, NULL, &err);
 }
 
+void libafl_phys_read(vaddr addr, uint8_t* buf, int len)
+{
+    cpu_physical_memory_read(addr, buf, len);
+}
+void libafl_phys_write(vaddr addr, uint8_t* buf, int len)
+{
+    cpu_physical_memory_write(addr, buf, len);
+}
+
 #ifndef AS_SHARED_LIB
 int main(int argc, char **argv, char **envp)
 {
     // qemu_init(argc, argv, envp);
     // qemu_main_loop();
     // qemu_cleanup();
+    // 2000010c
+    unsigned char buf[4096] = {3};
     libafl_qemu_sys_init(argc, argv, envp);
+    libafl_phys_write(0x00006de4+0xc, buf,1);
+    libafl_phys_read(0x00006de4+0xc, buf,1);
+    printf("FUZZ_INPUT[0]: %x\n", buf[0]);
     libafl_qemu_set_breakpoint(0x00004f5c);
     libafl_snapshot_save("Start");
     do {
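Review bot: The new prototypes `libafl_phys_read`/`libafl_phys_write` take the length as a signed `int` and pass it straight to `cpu_physical_memory_read`/`cpu_physical_memory_write`, whose length parameter is an unsigned `hwaddr`, so a negative `len` from the library caller silently becomes a huge unsigned length with no check in the wrapper; the same applies to the definitions added in the third hunk. Both functions also use `vaddr` for an address that is then used as a guest physical address, which reads as a virtual address to anyone using the header; `hwaddr` is the type the underlying API expects. The write wrapper does not modify its buffer, so the source should be `const`. A conservative signature would be `void libafl_phys_read(hwaddr addr, uint8_t *buf, size_t len);` and `void libafl_phys_write(hwaddr addr, const uint8_t *buf, size_t len);`, with a doc comment stating that these access guest physical memory unconditionally and that the caller is responsible for keeping `addr`/`len` inside the guest's RAM regions.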
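Review bot: The lines added inside `main` look like debugging scaffolding rather than intended behavior: the comment `// 2000010c` does not describe anything, `0x00006de4+0xc` is an unexplained magic guest address written to and read back with a buffer initialised to `{3}`, and the result is printed unconditionally on every run. If the round-trip is a deliberate self-test of the new wrappers it should say so and the address should get a named constant, e.g. `enum { FUZZ_INPUT_PADDR = 0x00006de4 + 0xc }; /* guest physical address of the fuzz input byte — TODO confirm against the target's memory map */`; otherwise the five added lines should be dropped before this lands. `printf` is used here but no `<stdio.h>` include is visible in the hunk, so presumably it arrives via another header. `main`'s body continues past the end of the hunk.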