i'm trying to learn to parser the params of a syscall, for example to log which programs are being executed in my system, but i don't know how to do it.

That's the source code, i'm testing inside a kext:

struct h_execve_args {
user_addr_t fname;
user_addr_t argp;
user_addr_t envp;
};

static void hooked_execve(cp,uap,retval)
register struct proc *cp;
register struct h_execve_args *uap;
register_t *retval;
{
char name[255];
copyin(uap->fname,&name,255);
printf("Exec called: %s \n", name);
return orig_execve(cp,uap,retval);
}

But, it always returns an empty name.

Does anyone know what i should do?

Thanks in advance