Best way to block a process creation with PsSetCreateProcessNotifyRoutine in pre-Vista?

Hello everyone,

What is the best way to terminate processes using PsSetCreateProcessNotifyRoutine callbacks, considering that pre-Vista systems don't support PsSetCreateProcessNotifyRoutineEx?

One method that came to my mind was this, but please let me know if it has any problems or if there is any better way:

  1. Use PsLookupProcessByProcessId with the ProcessId to get the process structure
  2. Use ObOpenObjectByPointer with the process structure to get a handle
  3. Use the handle and pass it to ZwTerminateProcess

I used it on an XP system and it seems to work without problems, but please let me know if there is any better way to block processes from creation using PCREATE_PROCESS_NOTIFY_ROUTINE callbacks.

Regards,
Brandon.
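
Added example, not part of the original post and not Brandon's code: the three steps written out with the reference and handle cleanup they require, called from a callback that acts only when `Create` is TRUE. `TerminateByPid`, `NotifyRoutine` and `g_blocked_pid` are hypothetical names, the exit status is an arbitrary choice, and the `#else` branch is a constructed user-mode shim that only counts references and handles so the cleanup paths can be checked without the WDK.

```c
#ifdef _KERNEL_MODE                 /* driver build (MSVC /kernel) */
#include <ntifs.h>
#else  /* constructed user-mode shim: counts references and handles, nothing more */
#include <stddef.h>
typedef int NTSTATUS; typedef unsigned long ULONG; typedef unsigned char BOOLEAN;
typedef void *HANDLE, *PEPROCESS, *PVOID;
#define NT_SUCCESS(s)        ((NTSTATUS)(s) >= 0)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022)
#define STATUS_INVALID_CID   ((NTSTATUS)0xC000000B)
#define OBJ_KERNEL_HANDLE    0x200UL
#define PROCESS_TERMINATE    0x0001UL
#define KernelMode           0
static int g_refs, g_handles, g_killed, g_fail_open;
static PVOID g_type, *PsProcessType = &g_type;
static NTSTATUS PsLookupProcessByProcessId(HANDLE id, PEPROCESS *p)
{ *p = id; g_refs += (id != NULL); return id ? 0 : STATUS_INVALID_CID; }
static NTSTATUS ObOpenObjectByPointer(PVOID o, ULONG a, PVOID s, ULONG m, PVOID t, int k, HANDLE *h)
{ (void)a; (void)s; (void)m; (void)t; (void)k;
  *h = o; g_handles += !g_fail_open; return g_fail_open ? STATUS_ACCESS_DENIED : 0; }
static NTSTATUS ZwTerminateProcess(HANDLE h, NTSTATUS s) { (void)h; (void)s; g_killed++; return 0; }
static void ZwClose(HANDLE h) { (void)h; g_handles--; }
static void ObDereferenceObject(PVOID o) { (void)o; g_refs--; }
#endif

/* Hypothetical helper: steps 1-3 from the post plus the cleanup each one needs. */
NTSTATUS TerminateByPid(HANDLE ProcessId)
{
    PEPROCESS process; HANDLE handle;
    NTSTATUS status = PsLookupProcessByProcessId(ProcessId, &process); /* 1: adds a reference */
    if (!NT_SUCCESS(status))
        return status;
    status = ObOpenObjectByPointer(process, OBJ_KERNEL_HANDLE, NULL, PROCESS_TERMINATE,
                                   *PsProcessType, KernelMode, &handle); /* 2: kernel handle */
    ObDereferenceObject(process);  /* release step 1's reference on every path */
    if (!NT_SUCCESS(status))
        return status;
    status = ZwTerminateProcess(handle, STATUS_ACCESS_DENIED); /* 3: exit status is a choice */
    ZwClose(handle);               /* otherwise the handle leaks on each blocked process */
    return status;
}

HANDLE g_blocked_pid;  /* placeholder policy: a real driver decides from the image, not a PID */
/* Callback with the PCREATE_PROCESS_NOTIFY_ROUTINE signature. */
void NotifyRoutine(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create)
{
    (void)ParentId;
    if (Create && ProcessId == g_blocked_pid)  /* Create is FALSE on process exit */
        (void)TerminateByPid(ProcessId);
}
```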