1 typedef NTSTATUS (NTAPI *PFN_ZwQueryObject)( 
 2     IN HANDLE ObjectHandle, 
 3     IN ULONG ObjectInformationClass, 
 4     OUT PVOID ObjectInformation, 
 5     IN ULONG ObjectInformationLength, 
 6     OUT PULONG ReturnLength OPTIONAL 
 7     ); 
 8 
 9 PFN_ZwQueryObject g_ZwQueryObject = (PFN_ZwQueryObject)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"ZwQueryObject");
10 
11 
12   
13 BOOL GetPathByHandle(HANDLE hFile, LPWSTR lpBuf, DWORD nBuf) 
14 { 
15     ULONG m, n; 
16     WCHAR lpPath[MAX_PATH+4]; 
17     WCHAR lpDrive[MAX_PATH]; 
18     WCHAR lpDevName[MAX_PATH]; 
19     if (g_ZwQueryObject(hFile, 1, lpPath, MAX_PATH+4, &m) >= 0 && 
20         (m = GetLogicalDriveStringsW(MAX_PATH, lpDrive)) && m < MAX_PATH) 
21     { 
22         WCHAR *p = lpDrive; 
23         while (m = wcslen(p)) 
24         { 
25             p[m-1] = L'\0'; 
26             n = QueryDosDeviceW(p, lpDevName, MAX_PATH); 
27             if (n && n < MAX_PATH) 
28             { 
29                 n = wcslen(lpDevName); 
30                 if (!wcsnicmp(lpPath+4, lpDevName, n)) 
31                 { 
32                     wcsncpy(lpBuf, p, nBuf); 
33                     if (nBuf > 2) wcsncpy(lpBuf+2, lpPath+4+n, nBuf-2); 
34                     return TRUE; 
35                 } 
36             } 
37             p += m + 1; 
38         } 
39     } 
40     return FALSE; 
41 }