如何判断Windows内核事件对象是自动重置还是手动重置？

您需要做的第一件事是弄清楚给您的句柄是否是一个事件.你使用NtQueryObject.此功能记录在此处：http://msdn.microsoft.com/en-us/library/bb432383(v=vs.85).aspx.它附带了本机API的通常附带条款,它可能会在不另行通知的情况下消失或更改.部分示例：

#include <winternl.h>

typedef NTSTATUS (NTAPI * PFN_NtQueryObject)(
    HANDLE Handle,OBJECT_INFORMATION_CLASS ObjectInformationClass,PVOID ObjectInformation,ULONG ObjectInformationLength,PULONG ReturnLength );

HMODULE ntdll = GetModuleHandle( L"ntdll.dll" );

auto NtQueryObject = (PFN_NtQueryObject)GetProcAddress( ntdll,"NtQueryObject" );

NTSTATUS result = NtQueryObject(
    eventHandle,ObjectTypeInformation,buffer,length,&length );

这将为您提供PUBLIC_OBJECT_TYPE_INFORMATION结构.如果对象实际上是一个事件,则TypeName字段将为“Event”.

接下来,调用NtQueryEvent来获取事件的类型.所有这些都完全没有记录.

typedef enum _EVENT_INFORMATION_CLASS {
    EventBasicInformation
} EVENT_INFORMATION_CLASS,*PEVENT_INFORMATION_CLASS;

typedef enum _EVENT_TYPE {
    NotificationEvent,SynchronizationEvent
} EVENT_TYPE,*PEVENT_TYPE;

typedef struct _EVENT_BASIC_INFORMATION {
  EVENT_TYPE              EventType;
  LONG                    EventState;
} EVENT_BASIC_INFORMATION,*PEVENT_BASIC_INFORMATION;

typedef NTSTATUS (NTAPI * PFN_NtQueryEvent)(
    HANDLE EventHandle,EVENT_INFORMATION_CLASS EventInformationClass,PVOID EventInformation,ULONG EventInformationLength,PULONG ReturnLength );

auto NtQueryEvent = (PFN_NtQueryEvent)GetProcAddress( ntdll,"NtQueryEvent" );

EVENT_BASIC_INFORMATION info;
ULONG length = sizeof( info );

NTSTATUS result = NtQueryEvent(
    eventHandle,EventBasicInformation,&info,&length );

现在,只需检查信息中的EventType字段即可. “NotificationEvent”表示手动复位,“SynchronizationEvent”表示自动复位.

如果你想知道我如何计算出第二部分,我没有.信息来自：http://undocumented.ntinternals.net/.请负责任地使用！