
банальный хук в ядре на ZwOpenProcess
// Replacement for ZwOpenProcess that is written into the service table by the
// install fragment further down: once installed, every NtOpenProcess request
// arrives here first.  The only behavioural difference from the original is
// that a request naming ProtectedPid is refused with STATUS_ACCESS_DENIED;
// every other request is forwarded unchanged to TrueZwOpenProcess, the saved
// original entry.  ProtectedPid and TrueZwOpenProcess are defined elsewhere.
//
// Detection note: this is the classic SSDT-hook shape.  The NtOpenProcess slot
// no longer points into the kernel image, and opening the protected process
// fails with ACCESS_DENIED although nothing in its security descriptor says so;
// both are what service-table integrity checks and access-denied audits show.
//
// Parameters mirror ZwOpenProcess; only ClientId is examined here.
// Returns STATUS_INVALID_PARAMETER for a ClientId that is not a readable
// user-mode pointer, STATUS_ACCESS_DENIED for ProtectedPid, otherwise whatever
// TrueZwOpenProcess returns.
NTSTATUS NewZwOpenProcess (OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL)
{
HANDLE ProcessId;
// Refuse a ClientId that lies above the user/kernel boundary before it is
// dereferenced.  NOTE(review): the cast compares a pointer with MmUserProbeAddress
// (an integer) using '>' — a value exactly equal to the boundary is not caught
// here and relies on the __try below instead.
if ((ULONG *)ClientId > MmUserProbeAddress) return STATUS_INVALID_PARAMETER;
// ClientId is caller-supplied memory; read it under SEH so an unmapped address
// becomes an error return rather than a bugcheck.  A NULL ClientId (the
// parameter is OPTIONAL) faults here and is also reported as invalid.
__try
{
ProcessId = ClientId->UniqueProcess;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return STATUS_INVALID_PARAMETER;
}
// The filter itself: a single hard-coded process id is shielded from being opened.
if (ProcessId == ProtectedPid)
{
return STATUS_ACCESS_DENIED;
}
else
{
// Everything else goes to the original, which performs the remaining probes
// (ProcessHandle, ObjectAttributes) and the real access check itself.
return TrueZwOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId);
}
}
........................................
// Fragment of the install routine; its header and the declarations of
// OpenProcId, CR0Reg, NTCALL and TrueZwOpenProcess are elided above.  The
// 'return STATUS_NOT_IMPLEMENTED' shows the enclosing function returns NTSTATUS.
// Choose the NtOpenProcess service index from the kernel build number.  The
// index is hard-coded per build, so an unknown build is refused rather than
// guessed — on a wrong index the write below would hook an unrelated service.
switch (*NtBuildNumber)
{
case 2195 : //win 2k
OpenProcId = 0x06A;
break;
case 2600 : //win xp
OpenProcId = 0x07A;
break;
default :
return STATUS_NOT_IMPLEMENTED;
break; // unreachable: the return above already leaves the function
}
// Keep the original entry so NewZwOpenProcess can forward to it.  NTCALL must
// expand to the service-table slot as an lvalue, since it is both read here and
// assigned below.
TrueZwOpenProcess = NTCALL(OpenProcId);
// Clear CR0.WP (bit 16, masked off by 0xFFFEFFFF) so the read-only service
// table page can be written; the old CR0 is saved in CR0Reg for restoration.
// 'cli'/'sti' mask interrupts on the current processor only — on a
// multiprocessor system other CPUs keep dispatching system calls while the
// slot is being swapped.
__asm
{
cli
mov eax, cr0
mov CR0Reg,eax
and eax,0xFFFEFFFF
mov cr0, eax
}
// Point the slot at the hook.  This single write is what service-table
// integrity checks detect (the slot no longer resolves into ntoskrnl), and on
// x64 kernels Kernel Patch Protection treats such a patch as fatal.
NTCALL(OpenProcId) = NewZwOpenProcess;
// Restore the saved CR0 (write protection back on) and re-enable interrupts.
__asm
{
mov eax, CR0Reg
mov cr0, eax
sti
}