I have register a callback for process creation using PsSetCreateProcessNotifyRoutineEx. My callback is getting called properly. In process creation callback, we get 3 parameters - PEPROCESS, HANDLE and CREATEINFO structure. In this callback I am calling function ZwFsControlFile, for getting some information of executing file.
Function ZwFsControlFile takes first parameter as FileHandle. Is there a way I can get this FileHandle without opening file using ZwOpenFile/ZwCreateFile in my minifilter driver.