I want to know if it is possible to hook a kretprobe on a kernel function and capture it's return value in the return handler of kretprobe.
It's little bit old question, but for those who is still looking for an answer..
How to register kretprobe you can see in the documentation for kprobes (https://www.kernel.org/doc/Documentation/kprobes.txt)
An architecture independent function that captures ret value from syscalls:
#include <linux/ptrace.h>
...
int hook_retcode(struct kretprobe_instance *ri, struct pt_regs *regs)
{
unsigned long retval = 0;
retval = regs_return_value(regs);
if (is_syscall_success(regs))
{
printk("%pf exited with a code %#lx\n", ri->rp->kp.addr, retval);
}
else
{
printk("%pf failed with a code %#lx\n", ri->rp->kp.addr, retval);
}
}