register_kprobe
register_kprobe is a Linux kernel API function used to activate a kprobe, a dynamic instrumentation mechanism that allows probing of kernel code at runtime. A kprobe is described by a struct kprobe, which identifies the target point either by an exact instruction address (kp.addr) or by a kernel symbol name (kp.symbol_name). In addition to the target, the struct can specify optional callbacks such as a pre_handler (executed before the target instruction), a post_handler (executed after), and a fault_handler (invoked if a fault occurs while handling the probe). After configuring the struct, a caller—typically a kernel module—invokes register_kprobe(&kp) to install the probe. If registration succeeds, the kernel places a breakpoint at the target and the handlers are invoked on hits. The function returns 0 on success or a negative errno on failure (for example, -EINVAL for invalid parameters, -ENOENT if the specified symbol cannot be found, -EBUSY if a probe already exists at the target).
Probes remain active until they are removed with unregister_kprobe(&kp) or until the module is unloaded.
Use cases for register_kprobe include debugging, runtime tracing, and lightweight performance measurements without recompiling the kernel.