I have experience with user mode hooks, which I believe you are trying to prevent as you are mentioning 'processes' instead of 'drivers' in ring0/kernal level hooks. Can you be more clear on what type of hooks you are trying to prevent, IAT patch, jmp patch/api redirection, etc. For the 'ExeLaunched' export: do you want to return the information on the process you are protecting ?