#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The NtQueryEvent routine retrieves information about an event object.
 *
 * @param EventHandle A handle to the event object.
 * @param EventInformationClass The type of information to be retrieved.
 * @param EventInformation A pointer to a buffer that receives the requested information.
 * @param EventInformationLength The size of the buffer pointed to by EventInformation.
 * @param ReturnLength A pointer to a variable that receives the size of the data returned in the buffer.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryEvent(
    _In_ HANDLE EventHandle,
    _In_ EVENT_INFORMATION_CLASS EventInformationClass,
    _Out_writes_bytes_(EventInformationLength) PVOID EventInformation,
    _In_ ULONG EventInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryEvent(
    _In_ HANDLE EventHandle,
    _In_ EVENT_INFORMATION_CLASS EventInformationClass,
    _Out_writes_bytes_(EventInformationLength) PVOID EventInformation,
    _In_ ULONG EventInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
View code on GitHub

EventHandle

HANDLE to Event Object opened with EVENT_QUERY_STATE access.

EventInformationClass

See EVENT_INFORMATION_CLASS for details.

EventInformation

Caller's allocated buffer for result data.

EventInformationLength

Length of EventInformation buffer, in bytes.

ReturnLength

Returns required/used size of EventInformation buffer.

Currently there're only one information class for use with Event Object. See EVENT_INFORMATION_CLASS for details.

Documented by

Tomasz Nowak