1 typedef NTSTATUS (NTAPI *PFN_ZwQueryObject)( 2 IN HANDLE ObjectHandle, 3 IN ULONG ObjectInformationClass, 4 OUT PVOID ObjectInformation, 5 IN ULONG ObjectInformationLength, 6 OUT PULONG ReturnLength OPTIONAL 7 ); 8 9 PFN_ZwQueryObject g_ZwQueryObject = (PFN_ZwQueryObject)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"ZwQueryObject"); 10 11 12 13 BOOL GetPathByHandle(HANDLE hFile, LPWSTR lpBuf, DWORD nBuf) 14 { 15 ULONG m, n; 16 WCHAR lpPath[MAX_PATH+4]; 17 WCHAR lpDrive[MAX_PATH]; 18 WCHAR lpDevName[MAX_PATH]; 19 if (g_ZwQueryObject(hFile, 1, lpPath, MAX_PATH+4, &m) >= 0 && 20 (m = GetLogicalDriveStringsW(MAX_PATH, lpDrive)) && m < MAX_PATH) 21 { 22 WCHAR *p = lpDrive; 23 while (m = wcslen(p)) 24 { 25 p[m-1] = L'\0'; 26 n = QueryDosDeviceW(p, lpDevName, MAX_PATH); 27 if (n && n < MAX_PATH) 28 { 29 n = wcslen(lpDevName); 30 if (!wcsnicmp(lpPath+4, lpDevName, n)) 31 { 32 wcsncpy(lpBuf, p, nBuf); 33 if (nBuf > 2) wcsncpy(lpBuf+2, lpPath+4+n, nBuf-2); 34 return TRUE; 35 } 36 } 37 p += m + 1; 38 } 39 } 40 return FALSE; 41 }