NtAllocateVirtualMemory - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTMMAPI_H
//
// Virtual memory
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The NtAllocateVirtualMemory routine reserves, commits, or both, a region of pages within the user-mode virtual address space of a specified process.
 *
 * @param ProcessHandle A handle for the process for which the mapping should be done.
 * @param BaseAddress A pointer to a variable that will receive the base address of the allocated region of pages. If the initial value is not zero, the region is allocated at the specified virtual address.
 * @param ZeroBits The number of high-order address bits that must be zero in the base address of the section view. This value must be less than 21 and the initial value of BaseAddress must be zero.
 * @param RegionSize A pointer to a variable that will receive the actual size, in bytes, of the allocated region of pages.
 * @param AllocationType A bitmask containing flags that specify the type of allocation to be performed.
 * @param PageProtection A bitmask containing page protection flags that specify the protection desired for the committed region of pages.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwallocatevirtualmemory
 */
_Must_inspect_result_
_When_(return == 0, __drv_allocatesMem(mem))
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
    _In_ ULONG_PTR ZeroBits,
    _Inout_ PSIZE_T RegionSize,
    _In_ ULONG AllocationType,
    _In_ ULONG PageProtection
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
    _In_ ULONG_PTR ZeroBits,
    _Inout_ PSIZE_T RegionSize,
    _In_ ULONG AllocationType,
    _In_ ULONG PageProtection
    );

#endif

View code on GitHub

This function is documented in Windows Driver Kit here and here.

ProcessHandle

Handle to Process Object opened with PROCESS_VM_OPERATION access.

*BaseAddress

If not zero, system tries to allocate virtual memory block on this virtual address. If BaseAddress is zero, system use first free virtual location.

AllocationType

Can be MEM_RESERVE or MEM_COMMIT.

Protect

One or combination of PAGE_*** attributes.

Documented by

See also

Edit description on GitHub