Theoretical or practical safety of binary (www) plugins?

30 comments, last by Tribad 9 years, 10 months ago

Nope, doesn't quite work that way.

The problem isn't the good guys who will use your system exactly as described. The problem is the attackers.

No matter how well you implement it, an attacker WILL find a vulnerability if your system is valuable enough.


But except/besides vulnerabilities, the process is not able to read or write other parts of the system, except that it can use the system API (which can also be limited for it if needed)?
(I'm not saying that I like limiting things; I would like to be able to interfere with anything if needed.)

In practice the attackers will still find something. It may take time to find it, but it will happen if there is value to the system. They will always exist in non-trivial software.

Even on high-security operating systems and classified military systems attackers find ways in; on those systems things like CPU cycles, disk space, even network congestion provide vectors for transmission. On something written by a common programmer like you or me, attacks are trivially available through things like buffer overruns and other bad data, no matter how hard we try to eliminate them.

I was not asking about this, more about whether a process in Windows is in general closed to 'rummaging' in other processes or is in general open to this (I don't mean the API available for this purpose, but the presence or absence of some kind of shields). I don't know this (except that, as far as I know, the system address space and its contents are guarded, but I don't know what about other processes).

I suppose that RAM is guarded (though I don't know the details), but what about the fact that disk contents are not guarded and any process can overwrite and destroy (or add to startup etc.) whatever it wants?

(I would like to have the option to change any byte of the runtime in my system's memory or images, but I would also like to have some barriers to prevent any program from overwriting all my data if it got that idea.)

This seems strange to me: RAM is guarded (at least partially) but disk contents are not (AFAIK).

The process must interact with the OS, and the OS has no limitations in accessing the memory. To access data on disk or the display you need unrestricted access. This is why you must create doors that allow the data transfer. These doors are the points where safety comes into place. No safety means fast passing of the doors; high safety means slow passing of the doors.

If you implement the typical safety rules valid for internet communication and browsing, you lose the benefit of execution of native code.

And this is what you initially asked.
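As an added illustration of the two regimes discussed in this thread (this is not code posted by any participant), the following C program shows why RAM looks "guarded" while the disk does not. It assumes a POSIX system with fork() rather than Windows, because the same separation is easier to demonstrate there: a child process that writes to a global variable at the same virtual address changes only its own copy of that page, while a child that writes to a file the parent can also open changes data the parent reads back. The file path is an assumption chosen for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumption: POSIX fork()/waitpid(); the demo is about address-space
 * isolation versus a shared filesystem, not about Windows specifically. */

static int shared_counter = 0;

/* The child writes to the same global (same virtual address) but the OS
 * gives it a private copy of the page, so the parent's value is unchanged.
 * Returns the parent's counter after the child exits (expected: 1). */
int child_cannot_change_parent_memory(void)
{
    shared_counter = 1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        shared_counter = 42;   /* only the child's copy changes */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    return shared_counter;     /* still 1 in the parent */
}

/* The child writes to a file both processes may open; the filesystem is a
 * shared namespace guarded only by file permissions, so the parent sees the
 * overwrite. Returns 1 if the parent read the child's data, 0 otherwise. */
int child_can_change_shared_file(const char *path)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs("original\n", f);
    fclose(f);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        FILE *g = fopen(path, "w");   /* same user, same permissions: allowed */
        if (g) {
            fputs("overwritten by child\n", g);
            fclose(g);
        }
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);

    char buf[64] = {0};
    f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    unlink(path);
    return strncmp(buf, "overwritten", 11) == 0 ? 1 : 0;
}

int main(void)
{
    printf("parent counter after child wrote 42: %d\n",
           child_cannot_change_parent_memory());
    printf("child changed shared file: %d\n",
           child_can_change_shared_file("/tmp/isolation_demo.txt"));
    return 0;
}
```

The second function is the "door" Tribad describes: the only thing standing between the child and the parent's file is the permission check the OS makes when the file is opened. Run the demo as a user who owns the path and the overwrite succeeds; run it against a path the user cannot write and fopen() fails, which is the entire extent of the disk-side barrier.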
