Kernel Probes

Dec 15, 2023

Kprobes enables you to break
into any kernel routine and
collect debugging information.

Kprobes can change the register set,
since it operates on a running kernel
and needs deep knowledge of computer
architecture and concurrent computing,
you can easily shoot your foot.

Here are some useful materials:
Kprobes Official Documentation
Kprobe-based Event Tracing
Kprobes Sample Kernel Module