emulator_vir_protect proc  hProcess:dword,lpAddress:dword,dwSize:dword,flNewProtect:dword,lpflOldProtect:dword 
push lpflOldProtect
push flNewProtect
lea eax,dwSize
push eax
lea eax,lpAddress
push eax
push hProcess
call system_call
ret
emulator_vir_protect endp

invoke emulator_vir_protect,-1,func_,10,40h,addr oldprot_

GetNumberNtdllFunction proc address_function:dword,imagebase:dword
; в eax возвращается номер функции, если произошла ошибка в eax 0
local hFile:dword
local dwSize:dword
local hMap:dword
local Base:dword
local rva:dword
mov edi,address_function
sub edi,imagebase
mov rva,edi
invoke GetSystemDirectory,offset buf_,255
test eax,eax
je ret_
invoke lstrcat,offset buf_,offset sl
invoke lstrcat,offset buf_,offset ntdl_
invoke CreateFile,offset buf_,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, NULL
mov hFile,eax
inc eax
jz ret_
invoke GetFileSize,hFile, NULL
test eax,eax
jz ret_
mov dwSize,eax
invoke CreateFileMapping,hFile, NULL,1000002h, 0, dwSize, NULL
mov hMap,eax
invoke MapViewOfFile,hMap, FILE_MAP_READ, 0, 0, dwSize
mov Base,eax
test eax,eax
je ret_
add eax,rva
inc eax
mov edi,dword ptr[eax]
mov rva,edi
add eax,5
push dword ptr [eax]
invoke UnmapViewOfFile,Base
invoke CloseHandle,hMap
invoke CloseHandle,hFile
mov eax,rva
pop edx
jmp rt
ret_:
sub eax,eax
sub edx,edx
rt:
ret
GetNumberNtdllFunction endp

invoke GetModuleHandleA,offset ntdl_
mov ntdllbase,eax
invoke GetProcAddress,eax,offset vprotect 
test eax,eax
je ext_
mov func_,eax
invoke GetNumberNtdllFunction, func_,ntdllbase

MOV EAX,xxxx
MOV EDX,yyyy
CALL DWORD PTR DS:[EDX]
RETN zzz