My idea is to make a pop-up window for every new process that will be created, so I can be sure that there are only processes with my permission.
The question is how I can link my function in before Windows creates the new process.
I tried some DLL injections but it does not work.
Does anyone have a solution for this problem, or is it not even possible?
The legitimate way of doing this is to create a kernel driver that uses PsSetCreateProcessNotifyRoutineEx (supported on Vista SP1 and later) to control process creation (and termination). This routine allows you to register a callback function that is invoked when either a process is being created or is terminating. In the creation case, your callback may decide to block the process. The callback gets the following information about the new process:
1) image file name,
2) command line arguments,
4) PID of its parent,
5) TID:PID of the creating process and thread.
If you do not wish to develop a kernel driver, you can use an approximate solution. AFAIK WMI is able to notify you that a new process has just been created. When you get the notification, you may try to suspend the process and ask the user about it (or do anything you wish).
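
The WMI approach described in the answer above, as an added PowerShell example that is not part of the original post: it subscribes to `Win32_ProcessStartTrace`, suspends each new process, and asks whether to resume or terminate it. The subscription name and the `Native.Proc` wrapper type are hypothetical names chosen here, and suspension relies on the undocumented `NtSuspendProcess`/`NtResumeProcess` exports of ntdll.

```powershell
# Added example. Run from an elevated session: Win32_ProcessStartTrace needs admin rights.
Add-Type -Namespace Native -Name Proc -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll")] public static extern bool TerminateProcess(IntPtr h, uint code);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
// Undocumented ntdll exports: suspend/resume every thread of a process.
[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr h);
[DllImport("ntdll.dll")] public static extern int NtResumeProcess(IntPtr h);
'@

$sourceId = 'ProcStartPrompt'   # hypothetical subscription name
$access   = 0x0801              # PROCESS_TERMINATE | PROCESS_SUSPEND_RESUME
Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $sourceId

try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier $sourceId
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $new    = $evt.SourceEventArgs.NewEvent
        $procId = [uint32]$new.ProcessID

        # The notification arrives after creation, so the process has already
        # executed some code by the time it is suspended here.
        $h = [Native.Proc]::OpenProcess($access, $false, $procId)
        if ($h -eq [IntPtr]::Zero) {
            Write-Warning "PID $procId ($($new.ProcessName)): exited or access denied"
            continue
        }
        try {
            if ([Native.Proc]::NtSuspendProcess($h) -ne 0) {
                Write-Warning "PID $procId could not be suspended"
                continue
            }
            $info = Get-CimInstance Win32_Process -Filter "ProcessId=$procId"
            Write-Host "New process $($new.ProcessName) PID $procId, parent PID $($new.ParentProcessID)"
            Write-Host "  Command line: $($info.CommandLine)"
            if ((Read-Host '  Allow? [y/N]') -match '^[yY]') {
                [void][Native.Proc]::NtResumeProcess($h)
            } else {
                [void][Native.Proc]::TerminateProcess($h, 1)
            }
        } finally {
            [void][Native.Proc]::CloseHandle($h)
        }
    }
} finally {
    Unregister-Event -SourceIdentifier $sourceId
}
```

Processes that start while a prompt is open keep running until their queued event is handled, which is why this remains an approximation of the kernel callback.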