NtFlushVirtualMemory - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTMMAPI_H
//
// Virtual memory
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Flushes the instruction cache for a specified process.
 *
 * @param ProcessHandle A handle to the process whose instruction cache is to be flushed.
 * @param BaseAddress A pointer to the base address of the region of memory to be flushed.
 * @param RegionSize A pointer to a variable that specifies the size of the region to be flushed.
 * @param IoStatus A pointer to an IO_STATUS_BLOCK structure that receives the status of the flush operation.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _Inout_ PVOID *BaseAddress,
    _Inout_ PSIZE_T RegionSize,
    _Out_ PIO_STATUS_BLOCK IoStatus
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _Inout_ PVOID *BaseAddress,
    _Inout_ PSIZE_T RegionSize,
    _Out_ PIO_STATUS_BLOCK IoStatus
    );

#endif

View code on GitHub

This function is documented in Windows Driver Kit.

NtFlushVirtualMemory flushes mapped section view to file.

ProcessHandle

HANDLE of process containing mapped view of section to flush.

*BaseAddress

Pointer to PVOID value containing address of memory area to flush.
On output this value is rounded to Page Size (0x1000).

NumberOfBytesToFlush

Pointer to ULONG value specifying length of area to flush. On output this value is rounded up to Page Size (0x1000).

IoStatusBlock

Pointer to IO_STATUS_BLOCK structure. After call Information member contains the same value as NumberOfBytesToFlush parameter.

WARNING: Two (or more) memory pages mapped in different calls of NtMapViewOfSection cannot be flushed in one function call, even if both has the same SECTION as a source.

Documented by

See also

Edit description on GitHub