
Cannot duplicate handle of file with known path, but have its HANDLE_ENTRY_INFO


I have 5 processes. I have their process ids. Each of these processes locks its own parent.lock file. I have these parent.lock file paths in an array called PARENT_LOCKS_PATHS.

Using NtQuerySystemInformation and SystemHandleInformation I got a list which returns SYSTEM_HANDLE_TABLE_ENTRY_INFO for all handles in use by these 5 processes. They are grouped by PID.

Structure of SYSTEM_HANDLE_TABLE_ENTRY_INFO:

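var SYSTEM_HANDLE_TABLE_ENTRY_INFO = new ctypes.StructType('SYSTEM_HANDLE_TABLE_ENTRY_INFO', [ // typedef struct _TagHANDLEINFO
    {'UniqueProcessId': ctypes.unsigned_short},       // USHORT: PID that owns the handle
    {'CreatorBackTraceIndex': ctypes.unsigned_short}, // USHORT
    {'ObjectTypeIndex': ctypes.unsigned_char},        // UCHAR: index of the object type
    {'HandleAttributes': ctypes.unsigned_char},       // UCHAR
    {'HandleValue': ctypes.unsigned_short},           // USHORT: handle value inside the owning process
    {'Object': ctypes.voidptr_t},                     // PVOID: pointer-sized, so not uint32_t on 64-bit Windows
    {'GrantedAccess': ctypes.unsigned_long}           // ULONG: access mask granted to the handle
]); // HANDLEINFO, PHANDLEINFO;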

In each PID group, I know which handle is the parent.lock file. I know this because the parent.lock file is the only handle that has GrantedAccess of 1048704. So I have an object which has the PID linked with its parent.lock handle entry info.

So now the issue is: I want to identify which parent.lock file belongs to which path in the PARENT_LOCKS_PATHS file without being able to use GetFinalPathNameByHandle (as I need to support XP). I couldn't duplicate the handle id because the file is locked; it was created/opened with:

 mLockFileHandle = CreateFileW(filePath.get(),
                               GENERIC_READ | GENERIC_WRITE,
                               0, // no sharing - of course
                               nullptr,
                               CREATE_ALWAYS,
                               0,
                               nullptr);

Here is a graphic of my situation (thanks to visio):


Solution

  • For XP, you can use NtQueryInformationFile() with the FileNameInformation info class.
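
Added example, not part of the original answer: NtQueryInformationFile() with FileNameInformation fills a FILE_NAME_INFORMATION buffer (a ULONG byte count followed by UTF-16LE characters with no terminating NUL), and the name is relative to the volume root with no drive letter, so it has to be normalised before comparing against PARENT_LOCKS_PATHS. The function names, the sample buffer and the paths below are constructed for illustration; the case-insensitive comparison assumes a default NTFS volume.

```javascript
'use strict';

// Decode a FILE_NAME_INFORMATION buffer:
//   ULONG FileNameLength;  // length in BYTES, not characters
//   WCHAR FileName[];      // UTF-16LE, NOT NUL-terminated
function decodeFileNameInformation(buf) {
  if (buf.length < 4) {
    throw new RangeError('buffer is shorter than the FileNameLength field');
  }
  const byteLen = buf.readUInt32LE(0);
  // Reject odd lengths and lengths that run past the buffer the caller supplied.
  if (byteLen % 2 !== 0 || 4 + byteLen > buf.length) {
    throw new RangeError('FileNameLength is inconsistent with the buffer size');
  }
  return buf.toString('utf16le', 4, 4 + byteLen);
}

// Reduce a Win32 path ("C:\dir\file" or "\\?\C:\dir\file") to the
// volume-relative, lower-cased form that FileNameInformation reports.
function volumeRelative(path) {
  return path
    .replace(/^\\\\\?\\/, '')   // strip the "\\?\" prefix if present
    .replace(/^[A-Za-z]:/, '')  // strip the drive letter
    .replace(/\//g, '\\')       // normalise separators
    .toLowerCase();
}

// Return the single known path matching the handle's name, or null when
// nothing matches or when the same relative path exists on two volumes.
function matchLockPath(buf, knownPaths) {
  const name = decodeFileNameInformation(buf).toLowerCase();
  const hits = knownPaths.filter(p => volumeRelative(p) === name);
  return hits.length === 1 ? hits[0] : null;
}

// Constructed sample: builds the bytes the API would write, followed by
// `slack` bytes of uninitialised-looking filler that must be ignored.
function makeSample(name, slack) {
  const nameBytes = Buffer.from(name, 'utf16le');
  const buf = Buffer.alloc(4 + nameBytes.length + slack, 0xcc);
  buf.writeUInt32LE(nameBytes.length, 0);
  nameBytes.copy(buf, 4);
  return buf;
}
```

Because the drive letter is absent from the result, two lock files with the same relative path on different volumes cannot be told apart by name alone; `matchLockPath` returns null in that case rather than guessing.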