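// Cheat Engine auto-assembler code-injection script (x86-64, Intel syntax, hex literals).
// Detours the instruction at "ntdll.dll"+263E6 into a code cave. When the
// UTF-16 string at [r8+978] starts with "Batt", the cave saves r8 at newmem+500.
//
// The third alloc argument asks for memory near the patch site so that the
// 5-byte relative jmp written there can reach the cave.
alloc(newmem,2048,"ntdll.dll"+263E6)
label(returnhere)
label(originalcode)
label(exit)

// The offset is specific to one ntdll build. Refuse to patch unless the bytes
// at the site are still the expected 7-byte "mov r8,[rax+000002D8]";
// otherwise the jmp would overwrite unrelated code.
assert("ntdll.dll"+263E6,4C 8B 80 D8 02 00 00)

newmem: // allocated code cave (read/write/execute)

originalcode:

// Author's note: [r8+978] holds the UTF-16 (WCHAR) string "Batt01.net.exe".

mov r8,[rax+000002D8]             // displaced original instruction, executed first

// The displaced mov leaves RFLAGS untouched, so the test/cmp below must not
// leak flag changes to the code after returnhere.
pushfq
push rax
mov rax,newmem+500                // rax = slot inside the cave (offset 0x500 of 0x800) that receives r8

test r8,r8                        // NOTE(review): guards only a null r8; other invalid pointers would still fault
jz if00
cmp dword ptr [r8+978],00610042   // WCHARs 'B','a'
jne if00
cmp dword ptr [r8+97C],00740074   // WCHARs 't','t' (only the first four characters are compared)
jne if00
mov [rax],r8                      // remember the matching pointer
if00:

pop rax
popfq


exit:
jmp returnhere

// Patch site: the 5-byte jmp plus two nops cover the 7 bytes of the displaced mov.
"ntdll.dll"+263E6:
jmp newmem
nop
nop
returnhere: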

