NtFlushInstructionCache - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTMMAPI_H
//
// Misc.
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Flushes the instruction cache for the specified process.
 *
 * @param ProcessHandle A handle to the process whose instruction cache is to be flushed.
 * @param BaseAddress A pointer to the base address of the memory region to be flushed. This parameter can be NULL.
 * @param RegionSize The size of the memory region to be flushed, in bytes.
 * @return NTSTATUS Successful or errant status.
 * @remarks Applications should call NtFlushInstructionCache if they generate or modify code in memory. The CPU cannot detect the change, and may execute the old code it cached.
 * @see https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-flushinstructioncache
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtFlushInstructionCache(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _In_ SIZE_T RegionSize
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwFlushInstructionCache(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _In_ SIZE_T RegionSize
    );

#endif

View code on GitHub

Function NtFlushInstructionCache empties execution cache for specified region of code. It should be used always after modification of process's executable memory (for example when NtLdr fills imported function's entries).

ProcessHandle

HANDLE to Process Object.

BaseAddress

Starting memory address to flush.

NumberOfBytesToFlush

Length of flushed memory block.

Documented by

See also

Edit description on GitHub