IMO this name is too vague. ktrexecveargs() or similar would be better.

You're allocating a buffer here and then another for the env, then copying those buffers into a third buffer. But, the first two buffers are leaked, and there's no reason to allocate them that I can see - why not just copy everything into the final destination buffer?

Same comment regarding the name - "ARGS" is too vague.

Please group this with the other ktr*() functions further down below main().

Please format this more like other ktrace records. Using english to describe the fields is not very useful, especially without quotes.

At the very least, something like printf("{argv='%s', envp='%s'}\n"). Though, perhaps we want to do something to show whether individual args/envvars contain whitespace?

Missing an entry here for the new record type.

Hello Mark. Please check the new version. Do I still need to run a free() call at the end of the function, right after ktr_submitrequest()?

Is it possible that argvs and/or envv contain whitespace characters?

Please put a newline between variable declarations and the rest of the function. See the style.9 man page for more guidance: https://man.freebsd.org/cgi/man.cgi?style(9)

This can simply be buf[argc] = '\0';, no need to use bcopy().

Similarly, buf[argc + 1 + envc] = '\0'; is a bit simpler.

It's impossible to have buf == NULL here, this check can be removed.

Extra newline here.

You don't need these includes here. Just declare struct image_args in the same place where we already declare struct ktr_io_params.

There should be a space before *. See the style.9 man page I linked above.

Yes. Try tracing a shell, and run something like

$ awk '{ print }' /dev/null

The argv reported by ktrace will look like awk { print } /dev/null, which is a bit confusing.

The ktrace man page needs to be updated as well. We should add a new flag to -t to optionally disable execve tracing, and the documented list of default tracepoints also needs to be updated.