a couple of comments:
* IMO the bits for calling NtFlushInstructionCache should be put in a separate change * do you have any indication that native does flush the insn cache? (can be tricky to test). and if so, is it done in kernelbase or ntdll? * I'm concerned with the call to query the protection before the write op. did you made some perf measurement here? I wonder if we shouldn't do it in the fallback case of a failing write? or unprotect first unconditionnally, or... * tests would be welcomed too * as a test case, it would be interesting to have a write across two pages, each one with a different protection, so see how it should behave (your code assumes that all pages have the same protection as the first one). maybe it's how native behaves, but it's worth checking it