
Trying to parser a syscall param


I'm trying to learn to parse the params of a syscall, for example to log which programs are being executed on my system, but I don't know how to do it.


That's the source code; I'm testing inside a kext:


#include <sys/param.h>    /* MAXPATHLEN */
#include <sys/proc.h>     /* struct proc */
#include <sys/systm.h>    /* copyinstr(), printf() */

struct h_execve_args {
    user_addr_t fname;
    user_addr_t argp;
    user_addr_t envp;
};

/* A syscall handler returns int, so the hook must too: the original was
   declared void yet returned orig_execve's result. The K&R-style parameter
   list with "register" is replaced by a prototype. */
static int hooked_execve(struct proc *cp, struct h_execve_args *uap, register_t *retval)
{
    char name[MAXPATHLEN];
    size_t done = 0;

    /* fname is a user-space pointer. copyinstr() copies the string in and
       NUL-terminates it on success; check its result instead of printing
       whatever the uninitialised buffer holds when the copy fails. */
    if (copyinstr(uap->fname, name, sizeof(name), &done) != 0)
        name[0] = '\0';

    printf("Exec called: %s \n", name);
    return orig_execve(cp, uap, retval);
}


But it always returns an empty name.

Does anyone know what I should do?

Thanks in advance
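As an added example that is not code from the original post, here is a user-space model of what a logging hook has to do with the execve argument struct: the struct itself (uap) is already in kernel memory, but fname and argp are user-space pointers, so each one has to be fetched with copyin/copyinstr and the result checked before the buffer is treated as a string. It goes beyond the question by also walking argv, which is a NULL-terminated array of further user pointers. The names user_addr_t, copyin and copyinstr mirror XNU's, but here they are simplified stand-ins over a constructed byte array; parse_execve_args, exec_record, build_sample_call and the sample memory layout are assumptions made for illustration and nothing here touches a real kernel.

```c
/* Added example, not from the original post: a user-space model of how a syscall
 * hook reads execve() arguments. The "user address space" is a constructed byte
 * array; copyin/copyinstr are simplified stand-ins for the XNU routines of the
 * same name (0 on success, EFAULT/ENAMETOOLONG on failure). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t user_addr_t;             /* an address in user space, as in XNU */
#define USER_BASE 0x100000000ULL          /* constructed base of the fake user mapping */
#define USER_SIZE 4096
static unsigned char user_mem[USER_SIZE]; /* constructed "user memory" */

/* Model of copyin(): EFAULT if any byte lies outside the mapping. */
static int copyin(user_addr_t uaddr, void *kaddr, size_t len)
{
    if (uaddr < USER_BASE || len > USER_SIZE || uaddr - USER_BASE > USER_SIZE - len)
        return EFAULT;
    memcpy(kaddr, user_mem + (uaddr - USER_BASE), len);
    return 0;
}

/* Model of copyinstr(): copies up to len bytes including the NUL. ENAMETOOLONG
 * means the buffer filled without a terminator, so it is not yet a C string. */
static int copyinstr(user_addr_t uaddr, void *kaddr, size_t len, size_t *done)
{
    char *dst = kaddr;
    for (size_t i = 0; i < len; i++) {
        if (copyin(uaddr + i, &dst[i], 1) != 0)
            return EFAULT;
        if (dst[i] == '\0') { *done = i + 1; return 0; }
    }
    *done = len;
    return ENAMETOOLONG;
}

struct h_execve_args { user_addr_t fname, argp, envp; };   /* layout from the post */
#define MAX_ARGS 8
#define ARG_LEN 64
struct exec_record { char path[ARG_LEN]; int argc; char argv[MAX_ARGS][ARG_LEN]; };

/* What a logging hook should do with uap: the struct is kernel memory, but fname
 * and argp point into user space, so every dereference goes through copyin or
 * copyinstr and every result is checked before the buffer is used. */
static int parse_execve_args(const struct h_execve_args *uap, struct exec_record *rec)
{
    size_t done;
    int err;
    memset(rec, 0, sizeof(*rec));
    err = copyinstr(uap->fname, rec->path, sizeof(rec->path), &done);
    if (err != 0) {
        rec->path[0] = '\0';              /* never log an unterminated buffer */
        return err;
    }
    /* argv: NULL-terminated array of user pointers; fetch each pointer, then its string */
    for (rec->argc = 0; rec->argc < MAX_ARGS; rec->argc++) {
        user_addr_t p;
        err = copyin(uap->argp + (user_addr_t)rec->argc * sizeof(p), &p, sizeof(p));
        if (err != 0)
            return err;
        if (p == 0)
            break;
        err = copyinstr(p, rec->argv[rec->argc], ARG_LEN, &done);
        if (err != 0) {
            rec->argv[rec->argc][0] = '\0';
            return err;
        }
    }
    return 0;
}

/* Constructed call laid out in the fake mapping: execve("/bin/ls", {"ls", "-l", NULL}, {NULL}).
 * Strings at +0/+8/+11, the argv pointer array at +16; its trailing NULL (at +32) doubles as envp. */
static struct h_execve_args build_sample_call(void)
{
    static const char strings[] = "/bin/ls\0ls\0-l";
    user_addr_t ptrs[3] = { USER_BASE + 8, USER_BASE + 11, 0 };
    memcpy(user_mem, strings, sizeof(strings));
    memcpy(user_mem + 16, ptrs, sizeof(ptrs));
    return (struct h_execve_args){ USER_BASE, USER_BASE + 16, USER_BASE + 32 };
}

int main(void)
{
    struct h_execve_args uap = build_sample_call();
    struct exec_record rec;
    int err = parse_execve_args(&uap, &rec);
    printf("Exec called: %s (argc=%d, err=%d)\n", rec.path, rec.argc, err);
    for (int i = 0; i < rec.argc; i++)
        printf("  argv[%d] = %s\n", i, rec.argv[i]);
    uap.fname = 0;                        /* bogus user pointer: reported, not logged */
    err = parse_execve_args(&uap, &rec);
    printf("bad fname -> error %d, path \"%s\"\n", err, rec.path);
    return 0;
}
```

The two failure paths are the ones a hook most often gets wrong: a user pointer that cannot be read (EFAULT) and a string longer than the kernel buffer (ENAMETOOLONG, where the buffer is full but has no terminator). In both cases the record is left with an empty, terminated path rather than whatever the stack buffer happened to contain, which is also why checking copyinstr's return value is the first thing to add when a hook keeps printing empty or garbage names.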
