The classic Sysinternals tool Process Monitor uses a file system minifilter, registry minifilter and process/thread callbacks to get the information it provides.

An alternative way is to use Event Tracing for Windows (ETW) to get this information, without the need for a kernel driver. (Process Monitor does use ETW for network events).

See more info at this blog post.