Kprobe has a pre-handler function vaguely documented as follows:

I was wondering if one can use this function (or any other Kprobe feature) to prevent a process from being executed or forked.

Answer

As documented in the kernel documentation, you can change the execution path by changing the appropriate registe…