Hi there
I have a question about driver development on Windows x64 systems.
I am pretty new to this topic (drivers generally), so please have patience with me.
Atm I'm playing around a bit with hooks, and ofc I noticed that most stuff like SSDT and IDT hooks or modifying the EPROCESS structure is forbidden
by the KPP on 64-bit ;X
My question is: is there any kind of "legit" way of "hooking" functions (especially process management),
and if not, how do modern antivirus programs handle this?