RtlGetUnloadEventTraceEx - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H

/**
 * Retrieves the size and location of the dynamically unloaded module list for the current process.
 *
 * @param ElementSize A pointer to a variable that contains the size of an element in the list.
 * @param ElementCount A pointer to a variable that contains the number of elements in the list.
 * @param EventTrace A pointer to an array of RTL_UNLOAD_EVENT_TRACE structures.
 * @return A pointer to an array of unload events.
 * @sa https://learn.microsoft.com/en-us/windows/win32/devnotes/rtlgetunloadeventtraceex
 */
NTSYSAPI
PRTL_UNLOAD_EVENT_TRACE
NTAPI
RtlGetUnloadEventTraceEx(
    _Out_ PULONG *ElementSize,
    _Out_ PULONG *ElementCount,
    _Out_ PVOID *EventTrace // works across all processes
    );

#endif

View code on GitHub

This function is documented in Windows SDK.

Edit description on GitHub