Kprobe has a pre-handler function vaguely documented as followed: I was wondering if one can use this function (or any other Kprobe feature) to prevent a process from being executed forked. Answer As documented in the kernel documentation, you can change the execution path by changing the appropriate register (e.g., IP register in x86): So you might be able