Acquiring Registry Path using NtQueryObject

I need to acquire registry path by it's handle in runtime. For this, I'm using NtQueryObject function. My problem is that NtQueryObject gives me the path in strange format (see image below).

I guess, this is the kind of format you need to use when you are writing drivers, but I want to have this path converted to standard reg path, such as

HKEY_LOCAL_MACHINE\Softw开发者_如何学编程are\Microsoft\Windows\CurrentVersion\Run". 

Currently I'm replacing

 \REGISTRY\MACHINE\etc

with

HKEY_LOCAL_MACHINE\etc

but this Wow6432Node key is a problem. I guess it's name will vary across different machines, even 32 bit windows didn't have that key there. So my question is, is there any standard way to do reg path conversion (maybe some win api does it)?

The Wow6432Node really is part of the registry path to that particular key, although it is hidden from 32-bit processes. If you look in the Software key with Regedit you will find Wow6432Node.

On 64-bit systems both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run exist. Depending on what you are trying to do, you may need to work with both of them or only one.

This describes the registry keys affected by WOW64:

http://msdn.microsoft.com/en-us/library/aa384253%28v=VS.85%29.aspx

You can explicitly access the 32-bit or 64-bit view of the registry as described here:

http://msdn.microsoft.com/en-us/library/aa384129%28v=VS.85%29.aspx