diff --git a/bpf/lib/process.h b/bpf/lib/process.h
index 5cd009e0cb8..c943fe71ebc 100644
--- a/bpf/lib/process.h
+++ b/bpf/lib/process.h
@@ -277,6 +277,8 @@ struct heap_exe {
 char end[STRING_POSTFIX_MAX_LENGTH];
 __u32 len;
 __u32 error;
+ __u32 arg_len;
+ __u32 arg_start;
 }; // All fields aligned so no 'packed' attribute.
 struct msg_execve_event {
@@ -326,6 +328,10 @@ struct binary {
 // NB: everything after and including ->mb_bitset will not be zeroed on a new exec. See
 // binary_reset().
 mbset_t mb_bitset;
+ // length of the args stored in args
+ __s64 args_length;
+ // args for the binary
+ char args[MAXARGLENGTH];
 }; // All fields aligned so no 'packed' attribute
 FUNC_INLINE void
diff --git a/bpf/process/bpf_execve_event.c b/bpf/process/bpf_execve_event.c
index 4ef19cfab61..7ae09086605 100644
--- a/bpf/process/bpf_execve_event.c
+++ b/bpf/process/bpf_execve_event.c
@@ -91,6 +91,9 @@ read_args(void *ctx, struct msg_execve_event *event)
 size = p->size & 0x1ff /* 2*MAXARGLENGTH - 1*/;
 args = (char *)p + size;
+#ifdef __LARGE_BPF_PROG
+ event->exe.arg_start = size;
+#endif
 if (args >= (char *)&event->process + BUFFER)
 return 0;
@@ -116,6 +119,9 @@ read_args(void *ctx, struct msg_execve_event *event)
 if (size > 0)
 p->flags |= EVENT_DATA_ARGS;
 }
+#ifdef __LARGE_BPF_PROG
+ event->exe.arg_len = size;
+#endif
 return size;
 }
@@ -388,6 +394,8 @@ execve_send(void *ctx __arg_ctx)
 /* zero out previous paths in ->bin */
 binary_reset(&curr->bin);
 #ifdef __LARGE_BPF_PROG
+ __u32 nullone, nulltwo, off, len;
+
 // read from proc exe stored at execve time
 if (event->exe.len <= BINARY_PATH_MAX_LEN) {
 curr->bin.path_length = probe_read(curr->bin.path, event->exe.len, event->exe.buf);
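Review bot: The two members added to struct heap_exe carry no comment, while the members added to struct binary in the next hunk each have one. From the bpf_execve_event.c hunks, arg_start receives the offset read_args() computes from p->size (the same value it adds to p) and arg_len the size read_args() returns, so `__u32 arg_len; // bytes of args recorded by read_args()` and `__u32 arg_start; // offset of those args from p, set by read_args()` would tell a reader what the fields hold. If heap_exe is mirrored by a userspace struct, the added 8 bytes need the same change there; nothing in this diff shows such a mirror, so this is only a check to make.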
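Review bot: args_length and args are placed after mb_bitset, which the NB comment directly above says binary_reset() does not zero, so both keep whatever the previous exec left there unless every exec path overwrites them in full; none of the hunks shown assign args_length, and the execve_send() hunk overwrites args only up to the copied length. Either move the two members above mb_bitset (mirroring the move in processapi.Binary, whose field order must match) or extend the NB comment to state that args/args_length are refreshed by execve_send() rather than by binary_reset(). A comment tying the array size to the userspace constant, `char args[MAXARGLENGTH]; // must equal processapi.MAX_ARG_LENGTH`, would also help, since the Go side declares Args as [MAX_ARG_LENGTH]byte and nothing on the page checks that the two agree.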
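Review bot: arg_start is stored before the `args >= (char *)&event->process + BUFFER` check, but arg_len is written only at the end of read_args() (second hunk of this file), so the early `return 0` leaves the pair inconsistent: a fresh offset next to whatever arg_len held before, which execve_send() later passes to probe_read(). Writing both here, `event->exe.arg_start = size;` followed by `event->exe.arg_len = 0;`, keeps the fields consistent on every exit, and the assignment at the end of the function then only updates arg_len on the successful path. Whether the stale value is observable depends on whether the event buffer is reused between execs, which is not visible in this diff. read_args() starts before this hunk.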
@@ -399,6 +407,15 @@ execve_send(void *ctx __arg_ctx)
 revlen = STRING_POSTFIX_MAX_LENGTH - 1;
 probe_read(curr->bin.end, revlen, event->exe.end);
 }
+
+ off = event->exe.arg_start & 0xff;
+ len = event->exe.arg_len & 0xff;
+ probe_read(curr->bin.args, len, (char *)&event->process + off);
+
+ nullone = len + 1;
+ nulltwo = len + 2;
+ curr->bin.args[nullone & 0xff] = 0x00; // null terminate string
+ curr->bin.args[nulltwo & 0xff] = 0x00; // null terminate string
 #else
 // reuse p->args first string that contains the filename, this can't be
 // above 256 in size (otherwise the complete will be send via data msg)
diff --git a/pkg/api/processapi/processapi.go b/pkg/api/processapi/processapi.go
index b446303db15..5b302556e4a 100644
--- a/pkg/api/processapi/processapi.go
+++ b/pkg/api/processapi/processapi.go
@@ -46,6 +46,7 @@ const (
 MSG_COMMON_FLAG_IMA_HASH = 0x8
 BINARY_PATH_MAX_LEN = 256
+ MAX_ARG_LENGTH = 256
 STRING_POSTFIX_MAX_LENGTH = 128
 )
@@ -153,12 +154,14 @@ type MsgCapabilities struct {
 }
 type Binary struct {
- PathLength int32
- Reversed uint32
- Path [BINARY_PATH_MAX_LEN]byte
- End [STRING_POSTFIX_MAX_LENGTH]byte
- End_r [STRING_POSTFIX_MAX_LENGTH]byte
- MBSet uint64
+ PathLength int32
+ Reversed uint32
+ Path [BINARY_PATH_MAX_LEN]byte
+ End [STRING_POSTFIX_MAX_LENGTH]byte
+ End_r [STRING_POSTFIX_MAX_LENGTH]byte
+ MBSet uint64
+ Args_length int64
+ Args [MAX_ARG_LENGTH]byte
 }
 type MsgNamespaces struct {
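Review bot: The terminator is written at args[len + 1] and args[len + 2] instead of args[len], so the byte directly after the copied data is never cleared (and struct binary's comment says this region is not zeroed between execs), while for len of 254 or 255 the `& 0xff` wraps the index to 0 or 1 and overwrites the start of the args. The masks are also narrower than the producer: read_args() bounds p->size with 0x1ff, so an arg_start of 256 or more becomes the wrong offset, and any arg_len above 255 would copy too little. The probe_read() result is discarded, and args_length, added in process.h, is not set anywhere in the hunks shown, so the length userspace receives is whatever the buffer held. The rewrite below clamps len to leave room for one terminator, uses the same 0x1ff bound as read_args() for off, records the length, and relies on MAXARGLENGTH being 256 as the `2*MAXARGLENGTH - 1` comment in read_args() implies; nullone and nulltwo declared in the previous hunk then become unused, and the verifier should be re-run since the bound on len now comes from the clamp rather than the mask. execve_send() starts before this hunk.
```c
	off = event->exe.arg_start & 0x1ff; /* same bound read_args() applies to p->size */
	len = event->exe.arg_len;
	if (len > MAXARGLENGTH - 1)
		len = MAXARGLENGTH - 1; /* keep one byte for the terminator */
	if (probe_read(curr->bin.args, len, (char *)&event->process + off) < 0)
		len = 0; /* nothing trustworthy was copied */
	curr->bin.args[len & (MAXARGLENGTH - 1)] = 0x00; /* terminate right after the copied bytes */
	curr->bin.args_length = len;
```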
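Review bot: Args_length is decoded straight from the kernel-supplied struct and nothing on the Go side bounds it, so any reader that slices Args by it needs a clamp to len(Args); a field comment such as `// Args_length is filled in by the BPF side; clamp to len(Args) before slicing` would make that contract visible to consumers. The order and sizes of the fields after MBSet must keep matching struct binary in bpf/lib/process.h, since MAX_ARG_LENGTH here and MAXARGLENGTH there are declared independently with no check that they agree. The snake-case Args_length follows the existing End_r rather than Go naming; ArgsLength would read better if the decoding does not depend on the name.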