Getting ready

To configure the Linux kernel with kprobes support, you need to:

  • Define the CONFIG_KPROBES configuration variable.
  • Define CONFIG_MODULES and CONFIG_MODULE_UNLOAD so that modules can be used to register probes.
  • Define CONFIG_KALLSYMS and CONFIG_KALLSYMS_ALL so that kernel symbols can be looked up.
  • Optionally, define the CONFIG_DEBUG_INFO configuration variable so that vmlinux carries debug information. Probes can be inserted in the middle of a function as an offset from its entry point, and with debug information objdump -l can map those addresses back to source lines. To find the insertion point, you can use objdump, as seen in the following excerpt for the do_sys_open function:

$ arm-poky-linux-gnueabi-objdump -d -l vmlinux | grep do_sys_open
8010bfa8 <do_sys_open>:
do_sys_open():
8010c034:       0a000036        beq     8010c114 <do_sys_open+0x16c>
8010c044:       1a000031        bne     8010c110 <do_sys_open+0x168>

The offset to pass to kprobes is the difference between the target instruction's address and the function's entry address (for the beq above, 0x8010c034 - 0x8010bfa8 = 0x8c), and it must land on an instruction boundary.
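The following shell script is an added example, not part of the book's recipe: it checks a kernel .config for the options listed above and turns an objdump address into the offset a kprobe needs. The .config fragment and the objdump output embedded in it are constructed for the demonstration (the objdump addresses are the ones from the excerpt above, trimmed). CONFIG_DEBUG_FS is included in the check on the assumption that you also want the /sys/kernel/debug/kprobes interface; it is not in the book's list.

```shell
#!/bin/sh
# Added example (not from the book): verify kernel config for kprobes and
# compute a mid-function probe offset from objdump output.

# Constructed .config fragment; CONFIG_MODULE_UNLOAD is deliberately off.
SAMPLE_CONFIG='CONFIG_KPROBES=y
CONFIG_MODULES=y
# CONFIG_MODULE_UNLOAD is not set
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_FS=y'

# Constructed objdump -d -l output for do_sys_open (addresses from the
# book's excerpt, operands kept, source-line annotations dropped).
SAMPLE_OBJDUMP='8010bfa8 <do_sys_open>:
do_sys_open():
8010c034:       0a000036        beq     8010c114 <do_sys_open+0x16c>
8010c044:       1a000031        bne     8010c110 <do_sys_open+0x168>'

# Read a .config on stdin; print the required options that are not =y.
# Returns 0 when nothing is missing. On a running target you can feed it
# with: zcat /proc/config.gz | check_kprobes_config
check_kprobes_config() {
    config=$(cat)
    missing=""
    for opt in CONFIG_KPROBES CONFIG_MODULES CONFIG_MODULE_UNLOAD \
               CONFIG_KALLSYMS CONFIG_KALLSYMS_ALL CONFIG_DEBUG_FS; do
        if ! printf '%s\n' "$config" | grep -q "^${opt}=y\$"; then
            missing="$missing $opt"
        fi
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Print the entry address (hex, no 0x) of a symbol from objdump text.
# $1 = symbol name, $2 = objdump output.
symbol_entry() {
    sym=$1
    printf '%s\n' "$2" | sed -n "s/^\([0-9a-f]*\) <${sym}>:\$/\1/p" | head -n 1
}

# Print the decimal byte offset of $2 (target address) from $1 (function
# entry address); both hex without 0x. This is the value for kprobe.offset.
kprobe_offset() {
    echo $(( 0x$2 - 0x$1 ))
}

# Stand-alone usage with the constructed samples.
if missing=$(printf '%s\n' "$SAMPLE_CONFIG" | check_kprobes_config); then
    echo "kernel config OK for kprobes"
else
    echo "missing kernel options: $missing"
fi
entry=$(symbol_entry do_sys_open "$SAMPLE_OBJDUMP")
echo "do_sys_open entry $entry; beq at 8010c034 is offset $(kprobe_offset "$entry" 8010c034)"
```

Pass the printed offset as kp.offset together with kp.symbol_name = "do_sys_open" when registering the probe; the kernel resolves the symbol through kallsyms, which is why CONFIG_KALLSYMS is on the list.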

The kprobes API is defined in include/linux/kprobes.h and includes registration/unregistration and enabling/disabling functions for the three types of probes (kprobes, jprobes, and kretprobes) as follows. Note that jprobes have since been removed from the mainline kernel (in Linux 4.15); on current kernels, use a kprobe pre-handler or a kretprobe entry handler to inspect function arguments:

#include <linux/kprobes.h>

int register_kprobe(struct kprobe *kp);
int register_jprobe(struct jprobe *jp);
int register_kretprobe(struct kretprobe *rp);

void unregister_kprobe(struct kprobe *kp);
void unregister_jprobe(struct jprobe *jp);
void unregister_kretprobe(struct kretprobe *rp);

By default, a probe is enabled as soon as it is registered, unless the KPROBE_FLAG_DISABLED flag is set in the probe's flags field before registration. The following functions enable or disable a registered probe at runtime:

int disable_kprobe(struct kprobe *kp); 
int disable_kretprobe(struct kretprobe *rp); 
int disable_jprobe(struct jprobe *jp); 
 
int enable_kprobe(struct kprobe *kp); 
int enable_kretprobe(struct kretprobe *rp); 
int enable_jprobe(struct jprobe *jp); 

The registered kprobe probes can be listed through the debugfs filesystem (which must be mounted, normally on /sys/kernel/debug):

$ cat /sys/kernel/debug/kprobes/list

All probes can be globally disabled or re-enabled by writing 0 or 1, respectively, to the enabled file:

$ echo 0 > /sys/kernel/debug/kprobes/enabled
$ echo 1 > /sys/kernel/debug/kprobes/enabled