diff --git a/cpp/ql/lib/ext/Windows.model.yml b/cpp/ql/lib/ext/Windows.model.yml
index 3dcde03f9a1b..8bfb3f48b918 100644
--- a/cpp/ql/lib/ext/Windows.model.yml
+++ b/cpp/ql/lib/ext/Windows.model.yml
@@ -31,3 +31,5 @@ extensions:
       # shellapi.h
       - ["", "", False, "CommandLineToArgvA", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
       - ["", "", False, "CommandLineToArgvW", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
+      # fileapi.h
+      - ["", "", False, "ReadFileEx", "", "", "Argument[*3].Field[@hEvent]", "Argument[4].Parameter[*2].Field[@hEvent]", "value", "manual"]
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
index c8babcb14548..4f333d4c36f5 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
@@ -10,31 +10,31 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
-| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:23507 |
-| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:23508 |
-| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:23509 |
+| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:23508 |
+| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:23509 |
+| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:23510 |
 | test.cpp:7:47:7:52 | value2 | test.cpp:7:64:7:69 | value2 | provenance |  |
 | test.cpp:7:64:7:69 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | provenance |  |
-| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:23505  |
-| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:14:10:14:10 | x | provenance | Sink:MaD:23506 |
+| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:23506  |
+| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:14:10:14:10 | x | provenance | Sink:MaD:23507 |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:17:24:17:24 | x | provenance |  |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:21:27:21:27 | x | provenance |  |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:25:35:25:35 | x | provenance |  |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:32:41:32:41 | x | provenance |  |
 | test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual | provenance |  |
-| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:23506 |
+| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:23507 |
 | test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | provenance |  |
-| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:23507 |
+| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:23508 |
 | test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance |  |
-| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:23506 |
+| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:23507 |
 | test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | provenance |  |
-| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:23508 |
+| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:23509 |
 | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance |  |
-| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:23506 |
+| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:23507 |
 | test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | provenance |  |
-| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:23509 |
+| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:23510 |
 | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance |  |
-| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:23506 |
+| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:23507 |
 | test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | provenance |  |
 | test.cpp:32:41:32:41 | x | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance |  |
 | windows.cpp:6:8:6:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:6:8:6:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:341 |
@@ -48,30 +48,57 @@ edges
 | windows.cpp:23:17:23:38 | *call to GetEnvironmentStringsA | windows.cpp:23:17:23:38 | *call to GetEnvironmentStringsA | provenance | Src:MaD:327  |
 | windows.cpp:23:17:23:38 | *call to GetEnvironmentStringsA | windows.cpp:25:10:25:13 | * ... | provenance |  |
 | windows.cpp:28:36:28:38 | GetEnvironmentVariableA output argument | windows.cpp:30:10:30:13 | * ... | provenance | Src:MaD:329  |
-| windows.cpp:145:35:145:40 | ReadFile output argument | windows.cpp:147:10:147:16 | * ... | provenance | Src:MaD:331  |
-| windows.cpp:154:23:154:28 | ReadFileEx output argument | windows.cpp:156:10:156:16 | * ... | provenance | Src:MaD:332  |
-| windows.cpp:168:84:168:89 | NtReadFile output argument | windows.cpp:170:10:170:16 | * ... | provenance | Src:MaD:340  |
-| windows.cpp:245:23:245:35 | *call to MapViewOfFile | windows.cpp:245:23:245:35 | *call to MapViewOfFile | provenance | Src:MaD:333  |
-| windows.cpp:245:23:245:35 | *call to MapViewOfFile | windows.cpp:246:20:246:52 | *pMapView | provenance |  |
-| windows.cpp:246:20:246:52 | *pMapView | windows.cpp:248:10:248:16 | * ... | provenance |  |
-| windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | provenance | Src:MaD:334  |
-| windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | windows.cpp:253:20:253:52 | *pMapView | provenance |  |
-| windows.cpp:253:20:253:52 | *pMapView | windows.cpp:255:10:255:16 | * ... | provenance |  |
-| windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | provenance | Src:MaD:335  |
-| windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | windows.cpp:262:20:262:52 | *pMapView | provenance |  |
-| windows.cpp:262:20:262:52 | *pMapView | windows.cpp:264:10:264:16 | * ... | provenance |  |
-| windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | provenance | Src:MaD:336  |
-| windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | windows.cpp:271:20:271:52 | *pMapView | provenance |  |
-| windows.cpp:271:20:271:52 | *pMapView | windows.cpp:273:10:273:16 | * ... | provenance |  |
-| windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | provenance | Src:MaD:337  |
-| windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | windows.cpp:278:20:278:52 | *pMapView | provenance |  |
-| windows.cpp:278:20:278:52 | *pMapView | windows.cpp:280:10:280:16 | * ... | provenance |  |
-| windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | provenance | Src:MaD:338  |
-| windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | windows.cpp:285:20:285:52 | *pMapView | provenance |  |
-| windows.cpp:285:20:285:52 | *pMapView | windows.cpp:287:10:287:16 | * ... | provenance |  |
-| windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:339  |
-| windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | windows.cpp:292:20:292:52 | *pMapView | provenance |  |
-| windows.cpp:292:20:292:52 | *pMapView | windows.cpp:294:10:294:16 | * ... | provenance |  |
+| windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [*hEvent] | windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | provenance |  |
+| windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [hEvent] | windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | provenance |  |
+| windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | provenance | MaD:343 |
+| windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | provenance | MaD:343 |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | windows.cpp:143:16:143:27 | *lpOverlapped [*hEvent] | provenance |  |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | windows.cpp:153:16:153:27 | *lpOverlapped [hEvent] | provenance |  |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | provenance |  |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | provenance |  |
+| windows.cpp:143:16:143:27 | *lpOverlapped [*hEvent] | windows.cpp:145:42:145:53 | *lpOverlapped [*hEvent] | provenance |  |
+| windows.cpp:145:18:145:62 | *hEvent | windows.cpp:145:18:145:62 | *hEvent | provenance |  |
+| windows.cpp:145:18:145:62 | *hEvent | windows.cpp:147:8:147:14 | * ... | provenance |  |
+| windows.cpp:145:42:145:53 | *lpOverlapped [*hEvent] | windows.cpp:145:18:145:62 | *hEvent | provenance |  |
+| windows.cpp:145:42:145:53 | *lpOverlapped [*hEvent] | windows.cpp:145:56:145:61 | *hEvent | provenance |  |
+| windows.cpp:145:56:145:61 | *hEvent | windows.cpp:145:18:145:62 | *hEvent | provenance |  |
+| windows.cpp:153:16:153:27 | *lpOverlapped [hEvent] | windows.cpp:155:35:155:46 | *lpOverlapped [hEvent] | provenance |  |
+| windows.cpp:155:12:155:55 | hEvent | windows.cpp:155:12:155:55 | hEvent | provenance |  |
+| windows.cpp:155:12:155:55 | hEvent | windows.cpp:156:8:156:8 | c | provenance |  |
+| windows.cpp:155:35:155:46 | *lpOverlapped [hEvent] | windows.cpp:155:12:155:55 | hEvent | provenance |  |
+| windows.cpp:155:35:155:46 | *lpOverlapped [hEvent] | windows.cpp:155:12:155:55 | hEvent | provenance |  |
+| windows.cpp:164:35:164:40 | ReadFile output argument | windows.cpp:166:10:166:16 | * ... | provenance | Src:MaD:331  |
+| windows.cpp:173:23:173:28 | ReadFileEx output argument | windows.cpp:175:10:175:16 | * ... | provenance | Src:MaD:332  |
+| windows.cpp:185:21:185:26 | ReadFile output argument | windows.cpp:186:5:186:56 | *... = ... | provenance | Src:MaD:331  |
+| windows.cpp:186:5:186:14 | *overlapped [post update] [*hEvent] | windows.cpp:188:53:188:63 | *& ... [*hEvent] | provenance |  |
+| windows.cpp:186:5:186:56 | *... = ... | windows.cpp:186:5:186:14 | *overlapped [post update] [*hEvent] | provenance |  |
+| windows.cpp:188:53:188:63 | *& ... [*hEvent] | windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [*hEvent] | provenance |  |
+| windows.cpp:194:21:194:26 | ReadFile output argument | windows.cpp:195:5:195:57 | ... = ... | provenance | Src:MaD:331  |
+| windows.cpp:195:5:195:14 | *overlapped [post update] [hEvent] | windows.cpp:197:53:197:63 | *& ... [hEvent] | provenance |  |
+| windows.cpp:195:5:195:57 | ... = ... | windows.cpp:195:5:195:14 | *overlapped [post update] [hEvent] | provenance |  |
+| windows.cpp:197:53:197:63 | *& ... [hEvent] | windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [hEvent] | provenance |  |
+| windows.cpp:205:84:205:89 | NtReadFile output argument | windows.cpp:207:10:207:16 | * ... | provenance | Src:MaD:340  |
+| windows.cpp:282:23:282:35 | *call to MapViewOfFile | windows.cpp:282:23:282:35 | *call to MapViewOfFile | provenance | Src:MaD:333  |
+| windows.cpp:282:23:282:35 | *call to MapViewOfFile | windows.cpp:283:20:283:52 | *pMapView | provenance |  |
+| windows.cpp:283:20:283:52 | *pMapView | windows.cpp:285:10:285:16 | * ... | provenance |  |
+| windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | provenance | Src:MaD:334  |
+| windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | windows.cpp:290:20:290:52 | *pMapView | provenance |  |
+| windows.cpp:290:20:290:52 | *pMapView | windows.cpp:292:10:292:16 | * ... | provenance |  |
+| windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | provenance | Src:MaD:335  |
+| windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | windows.cpp:299:20:299:52 | *pMapView | provenance |  |
+| windows.cpp:299:20:299:52 | *pMapView | windows.cpp:301:10:301:16 | * ... | provenance |  |
+| windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | provenance | Src:MaD:336  |
+| windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | windows.cpp:308:20:308:52 | *pMapView | provenance |  |
+| windows.cpp:308:20:308:52 | *pMapView | windows.cpp:310:10:310:16 | * ... | provenance |  |
+| windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | provenance | Src:MaD:337  |
+| windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | windows.cpp:315:20:315:52 | *pMapView | provenance |  |
+| windows.cpp:315:20:315:52 | *pMapView | windows.cpp:317:10:317:16 | * ... | provenance |  |
+| windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | provenance | Src:MaD:338  |
+| windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | windows.cpp:322:20:322:52 | *pMapView | provenance |  |
+| windows.cpp:322:20:322:52 | *pMapView | windows.cpp:324:10:324:16 | * ... | provenance |  |
+| windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:339  |
+| windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | windows.cpp:329:20:329:52 | *pMapView | provenance |  |
+| windows.cpp:329:20:329:52 | *pMapView | windows.cpp:331:10:331:16 | * ... | provenance |  |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |
@@ -127,40 +154,67 @@ nodes
 | windows.cpp:25:10:25:13 | * ... | semmle.label | * ... |
 | windows.cpp:28:36:28:38 | GetEnvironmentVariableA output argument | semmle.label | GetEnvironmentVariableA output argument |
 | windows.cpp:30:10:30:13 | * ... | semmle.label | * ... |
-| windows.cpp:145:35:145:40 | ReadFile output argument | semmle.label | ReadFile output argument |
-| windows.cpp:147:10:147:16 | * ... | semmle.label | * ... |
-| windows.cpp:154:23:154:28 | ReadFileEx output argument | semmle.label | ReadFileEx output argument |
-| windows.cpp:156:10:156:16 | * ... | semmle.label | * ... |
-| windows.cpp:168:84:168:89 | NtReadFile output argument | semmle.label | NtReadFile output argument |
-| windows.cpp:170:10:170:16 | * ... | semmle.label | * ... |
-| windows.cpp:245:23:245:35 | *call to MapViewOfFile | semmle.label | *call to MapViewOfFile |
-| windows.cpp:245:23:245:35 | *call to MapViewOfFile | semmle.label | *call to MapViewOfFile |
-| windows.cpp:246:20:246:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:248:10:248:16 | * ... | semmle.label | * ... |
-| windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | semmle.label | *call to MapViewOfFile2 |
-| windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | semmle.label | *call to MapViewOfFile2 |
-| windows.cpp:253:20:253:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:255:10:255:16 | * ... | semmle.label | * ... |
-| windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | semmle.label | *call to MapViewOfFile3 |
-| windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | semmle.label | *call to MapViewOfFile3 |
-| windows.cpp:262:20:262:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:264:10:264:16 | * ... | semmle.label | * ... |
-| windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | semmle.label | *call to MapViewOfFile3FromApp |
-| windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | semmle.label | *call to MapViewOfFile3FromApp |
-| windows.cpp:271:20:271:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:273:10:273:16 | * ... | semmle.label | * ... |
-| windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | semmle.label | *call to MapViewOfFileEx |
-| windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | semmle.label | *call to MapViewOfFileEx |
-| windows.cpp:278:20:278:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:280:10:280:16 | * ... | semmle.label | * ... |
-| windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | semmle.label | *call to MapViewOfFileFromApp |
-| windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | semmle.label | *call to MapViewOfFileFromApp |
-| windows.cpp:285:20:285:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:287:10:287:16 | * ... | semmle.label | * ... |
-| windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
-| windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
-| windows.cpp:292:20:292:52 | *pMapView | semmle.label | *pMapView |
-| windows.cpp:294:10:294:16 | * ... | semmle.label | * ... |
+| windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [*hEvent] | semmle.label | [summary param] *3 in ReadFileEx [*hEvent] |
+| windows.cpp:86:6:86:15 | [summary param] *3 in ReadFileEx [hEvent] | semmle.label | [summary param] *3 in ReadFileEx [hEvent] |
+| windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | semmle.label | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx |
+| windows.cpp:86:6:86:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | semmle.label | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | semmle.label | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | semmle.label | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | semmle.label | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx |
+| windows.cpp:86:6:86:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | semmle.label | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx |
+| windows.cpp:143:16:143:27 | *lpOverlapped [*hEvent] | semmle.label | *lpOverlapped [*hEvent] |
+| windows.cpp:145:18:145:62 | *hEvent | semmle.label | *hEvent |
+| windows.cpp:145:18:145:62 | *hEvent | semmle.label | *hEvent |
+| windows.cpp:145:42:145:53 | *lpOverlapped [*hEvent] | semmle.label | *lpOverlapped [*hEvent] |
+| windows.cpp:145:56:145:61 | *hEvent | semmle.label | *hEvent |
+| windows.cpp:147:8:147:14 | * ... | semmle.label | * ... |
+| windows.cpp:153:16:153:27 | *lpOverlapped [hEvent] | semmle.label | *lpOverlapped [hEvent] |
+| windows.cpp:155:12:155:55 | hEvent | semmle.label | hEvent |
+| windows.cpp:155:12:155:55 | hEvent | semmle.label | hEvent |
+| windows.cpp:155:35:155:46 | *lpOverlapped [hEvent] | semmle.label | *lpOverlapped [hEvent] |
+| windows.cpp:156:8:156:8 | c | semmle.label | c |
+| windows.cpp:164:35:164:40 | ReadFile output argument | semmle.label | ReadFile output argument |
+| windows.cpp:166:10:166:16 | * ... | semmle.label | * ... |
+| windows.cpp:173:23:173:28 | ReadFileEx output argument | semmle.label | ReadFileEx output argument |
+| windows.cpp:175:10:175:16 | * ... | semmle.label | * ... |
+| windows.cpp:185:21:185:26 | ReadFile output argument | semmle.label | ReadFile output argument |
+| windows.cpp:186:5:186:14 | *overlapped [post update] [*hEvent] | semmle.label | *overlapped [post update] [*hEvent] |
+| windows.cpp:186:5:186:56 | *... = ... | semmle.label | *... = ... |
+| windows.cpp:188:53:188:63 | *& ... [*hEvent] | semmle.label | *& ... [*hEvent] |
+| windows.cpp:194:21:194:26 | ReadFile output argument | semmle.label | ReadFile output argument |
+| windows.cpp:195:5:195:14 | *overlapped [post update] [hEvent] | semmle.label | *overlapped [post update] [hEvent] |
+| windows.cpp:195:5:195:57 | ... = ... | semmle.label | ... = ... |
+| windows.cpp:197:53:197:63 | *& ... [hEvent] | semmle.label | *& ... [hEvent] |
+| windows.cpp:205:84:205:89 | NtReadFile output argument | semmle.label | NtReadFile output argument |
+| windows.cpp:207:10:207:16 | * ... | semmle.label | * ... |
+| windows.cpp:282:23:282:35 | *call to MapViewOfFile | semmle.label | *call to MapViewOfFile |
+| windows.cpp:282:23:282:35 | *call to MapViewOfFile | semmle.label | *call to MapViewOfFile |
+| windows.cpp:283:20:283:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:285:10:285:16 | * ... | semmle.label | * ... |
+| windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | semmle.label | *call to MapViewOfFile2 |
+| windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | semmle.label | *call to MapViewOfFile2 |
+| windows.cpp:290:20:290:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:292:10:292:16 | * ... | semmle.label | * ... |
+| windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | semmle.label | *call to MapViewOfFile3 |
+| windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | semmle.label | *call to MapViewOfFile3 |
+| windows.cpp:299:20:299:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:301:10:301:16 | * ... | semmle.label | * ... |
+| windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | semmle.label | *call to MapViewOfFile3FromApp |
+| windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | semmle.label | *call to MapViewOfFile3FromApp |
+| windows.cpp:308:20:308:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:310:10:310:16 | * ... | semmle.label | * ... |
+| windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | semmle.label | *call to MapViewOfFileEx |
+| windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | semmle.label | *call to MapViewOfFileEx |
+| windows.cpp:315:20:315:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:317:10:317:16 | * ... | semmle.label | * ... |
+| windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | semmle.label | *call to MapViewOfFileFromApp |
+| windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | semmle.label | *call to MapViewOfFileFromApp |
+| windows.cpp:322:20:322:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:324:10:324:16 | * ... | semmle.label | * ... |
+| windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
+| windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
+| windows.cpp:329:20:329:52 | *pMapView | semmle.label | *pMapView |
+| windows.cpp:331:10:331:16 | * ... | semmle.label | * ... |
 subpaths
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | asio_streams.cpp:100:44:100:62 | call to buffer |
 | test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
index f8d2da8a0023..a50ce484e1c0 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
@@ -3,13 +3,17 @@
 | windows.cpp:11:15:11:29 | *call to GetCommandLineA | local |
 | windows.cpp:23:17:23:38 | *call to GetEnvironmentStringsA | local |
 | windows.cpp:28:36:28:38 | GetEnvironmentVariableA output argument | local |
-| windows.cpp:145:35:145:40 | ReadFile output argument | local |
-| windows.cpp:154:23:154:28 | ReadFileEx output argument | local |
-| windows.cpp:168:84:168:89 | NtReadFile output argument | local |
-| windows.cpp:245:23:245:35 | *call to MapViewOfFile | local |
-| windows.cpp:252:23:252:36 | *call to MapViewOfFile2 | local |
-| windows.cpp:261:23:261:36 | *call to MapViewOfFile3 | local |
-| windows.cpp:270:23:270:43 | *call to MapViewOfFile3FromApp | local |
-| windows.cpp:277:23:277:37 | *call to MapViewOfFileEx | local |
-| windows.cpp:284:23:284:42 | *call to MapViewOfFileFromApp | local |
-| windows.cpp:291:23:291:40 | *call to MapViewOfFileNuma2 | local |
+| windows.cpp:164:35:164:40 | ReadFile output argument | local |
+| windows.cpp:173:23:173:28 | ReadFileEx output argument | local |
+| windows.cpp:185:21:185:26 | ReadFile output argument | local |
+| windows.cpp:188:23:188:29 | ReadFileEx output argument | local |
+| windows.cpp:194:21:194:26 | ReadFile output argument | local |
+| windows.cpp:197:23:197:29 | ReadFileEx output argument | local |
+| windows.cpp:205:84:205:89 | NtReadFile output argument | local |
+| windows.cpp:282:23:282:35 | *call to MapViewOfFile | local |
+| windows.cpp:289:23:289:36 | *call to MapViewOfFile2 | local |
+| windows.cpp:298:23:298:36 | *call to MapViewOfFile3 | local |
+| windows.cpp:307:23:307:43 | *call to MapViewOfFile3FromApp | local |
+| windows.cpp:314:23:314:37 | *call to MapViewOfFileEx | local |
+| windows.cpp:321:23:321:42 | *call to MapViewOfFileFromApp | local |
+| windows.cpp:328:23:328:40 | *call to MapViewOfFileNuma2 | local |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
index ff5ad36e15cf..a1511035d9e5 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
@@ -3771,3 +3771,7 @@
 | Dubious signature "(wchar_t *)" in summary model. |
 | Dubious signature "(wchar_t, const CStringT &)" in summary model. |
 | Dubious signature "(wchar_t,const CStringT &)" in summary model. |
+| Unrecognized input specification "Field[****hEvent]" in summary model. |
+| Unrecognized input specification "Field[***hEvent]" in summary model. |
+| Unrecognized output specification "Field[****hEvent]" in summary model. |
+| Unrecognized output specification "Field[***hEvent]" in summary model. |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
index 382f534dde88..3d45afc6609d 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
+++ b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
@@ -137,6 +137,25 @@ void FileIOCompletionRoutine(
   sink(*buffer); // $ MISSING: ir
 }
 
+void FileIOCompletionRoutine2(
+  DWORD dwErrorCode,
+  DWORD dwNumberOfBytesTransfered,
+  LPOVERLAPPED lpOverlapped
+) {
+  char* buffer = reinterpret_cast<char*>(lpOverlapped->hEvent);
+  sink(buffer);
+  sink(*buffer); // $ ir
+}
+
+void FileIOCompletionRoutine3(
+  DWORD dwErrorCode,
+  DWORD dwNumberOfBytesTransfered,
+  LPOVERLAPPED lpOverlapped
+) {
+  char c = reinterpret_cast<char>(lpOverlapped->hEvent);
+  sink(c); // $ ir
+}
+
 void readFile(HANDLE hFile) {
   {
     char buffer[1024];
@@ -159,6 +178,24 @@ void readFile(HANDLE hFile) {
     sink(p);
     sink(*p); // $ MISSING: ir
   }
+  
+  {
+    char buffer[1024];
+    OVERLAPPED overlapped;
+    ReadFile(hFile, buffer, sizeof(buffer), nullptr, nullptr);
+    overlapped.hEvent = reinterpret_cast<HANDLE>(buffer);
+    char buffer2[1024];
+    ReadFileEx(hFile, buffer2, sizeof(buffer2) - 1, &overlapped, FileIOCompletionRoutine2);
+  }
+
+  {
+    char buffer[1024];
+    OVERLAPPED overlapped;
+    ReadFile(hFile, buffer, sizeof(buffer), nullptr, nullptr);
+    overlapped.hEvent = reinterpret_cast<HANDLE>(*buffer);
+    char buffer2[1024];
+    ReadFileEx(hFile, buffer2, sizeof(buffer2) - 1, &overlapped, FileIOCompletionRoutine3);
+  }
 
   {
     char buffer[1024];