typedef struct {

    HANDLE                     SectionHandle;
    HANDLE                     ProcessHandle;
    PVOID                      BaseAddress;
    ULONG                      ZeroBits;
    SIZE_T                     CommitSize;
    PLARGE_INTEGER             SectionOffset;
    PSIZE_T                    ViewSize;
    SECTION_INHERIT            InheritDisposition;
    ULONG                      AllocationType;
    ULONG                      Win32Protect;
} NtMapViewOfSectionArgs;

typedef struct {

    HANDLE                     ProcessHandle;
    PVOID                      BaseAddress;
} NtUnmapViewOfSectionArgs;

typedef struct {

    PHANDLE                    SectionHandle;
    ACCESS_MASK                DesiredAccess;
    POBJECT_ATTRIBUTES         ObjectAttributes;
} NtOpenSectionArgs;



typedef NTSTATUS (NTAPI* typeNtMapViewOfSection)(

    HANDLE                   SectionHandle,
    HANDLE                   ProcessHandle,
    PVOID                    BaseAddress,
    ULONG                    ZeroBits,
    SIZE_T                   CommitSize,
    PLARGE_INTEGER           SectionOffset,
    PSIZE_T                  ViewSize,
    SECTION_INHERIT          InheritDisposition,
    ULONG                    AllocationType,
    ULONG                    Win32Protect
);

typedef NTSTATUS (NTAPI* typeNtUnmapViewOfSection)(

    HANDLE                   ProcessHandle,
    PVOID                    BaseAddress
);

typedef NTSTATUS (NTAPI* typeNtOpenSection)(

    PHANDLE                  SectionHandle,
    ACCESS_MASK              DesiredAccess,
    POBJECT_ATTRIBUTES       ObjectAttributes
);




typeNtMapViewOfSection fNtMapViewOfSection;
NtMapViewOfSectionArgs pNtMapViewOfSectionArgs;

typeNtUnmapViewOfSection fNtUnmapViewOfSection;
NtUnmapViewOfSectionArgs pNtUnmapViewOfSectionArgs;

typeNtOpenSection fNtOpenSection;
NtOpenSectionArgs pNtOpenSectionArgs;




case NTMAPVIEWOFSECTION_ENUM:
    fNtMapViewOfSection = (typeNtMapViewOfSection)FunctionAddress;
    status = fNtMapViewOfSection(NULL, NULL, NULL, NULL, pNtMapViewOfSectionArgs.CommitSize, pNtMapViewOfSectionArgs.SectionOffset, pNtMapViewOfSectionArgs.ViewSize, pNtMapViewOfSectionArgs.InheritDisposition, pNtMapViewOfSectionArgs.AllocationType, pNtMapViewOfSectionArgs.Win32Protect);
    break;

case NTUNMAPVIEWOFSECTION_ENUM:
    fNtUnmapViewOfSection = (typeNtUnmapViewOfSection)FunctionAddress;
    status = fNtUnmapViewOfSection(NULL, NULL);
    break;

case NTOPENSECTION_ENUM:
    fNtOpenSection = (typeNtOpenSection)FunctionAddress;
    status = fNtOpenSection(NULL, NULL, NULL);
    break;




case NTMAPVIEWOFSECTION_ENUM:
    ExceptionInfo->ContextRecord->R10 =
    (DWORD_PTR)((NtMapViewOfSectionArgs*)(StateArray[EnumState].arguments))->SectionHandle;

    ExceptionInfo->ContextRecord->Rdx =
    (DWORD_PTR)((NtMapViewOfSectionArgs*)(StateArray[EnumState].arguments))->ProcessHandle;

    ExceptionInfo->ContextRecord->R8 =
    (DWORD_PTR)((NtMapViewOfSectionArgs*)(StateArray[EnumState].arguments))->BaseAddress;

    ExceptionInfo->ContextRecord->R9 =
    (DWORD_PTR)((NtMapViewOfSectionArgs*)(StateArray[EnumState].arguments))->ZeroBits;

    break;

case NTUNMAPVIEWOFSECTION_ENUM:
    ExceptionInfo->ContextRecord->R10 =
    (DWORD_PTR)((NtUnmapViewOfSectionArgs*)(StateArray[EnumState].arguments))->ProcessHandle;

    ExceptionInfo->ContextRecord->Rdx =
    (DWORD_PTR)((NtUnmapViewOfSectionArgs*)(StateArray[EnumState].arguments))->BaseAddress;

    break;

case NTOPENSECTION_ENUM:
    ExceptionInfo->ContextRecord->R10 =
    (DWORD_PTR)((NtOpenSectionArgs*)(StateArray[EnumState].arguments))->SectionHandle;

    ExceptionInfo->ContextRecord->Rdx =
    (DWORD_PTR)((NtOpenSectionArgs*)(StateArray[EnumState].arguments))->DesiredAccess;

    ExceptionInfo->ContextRecord->R8 =
    (DWORD_PTR)((NtOpenSectionArgs*)(StateArray[EnumState].arguments))->ObjectAttributes;

    break;




STATE StateArray[] = {
    { NTMAPVIEWOFSECTION_ENUM, &pNtMapViewOfSectionArgs },
    { NTUNMAPVIEWOFSECTION_ENUM, &pNtUnmapViewOfSectionArgs },
    { NTOPENSECTION_ENUM, &pNtOpenSectionArgs }
};

