About the methods of process monitoring

[hardtolose]

I am making a lightweight windows process monitoring demo, which can sense the start and end of the process in real time, I do not want to use NT kernel-mode driver. nor ETW or WMI, they will have a certain delay, poor effect for instantaneous processes.

Is there any other way to solve this problem?

[zodiacon]

You can always enumerate processes every interval (1 sec, 500 msec, whatever), and compare with the previous list for changes. This is how Task Manager and Process Explorer work.