diff --git a/GPL/Events/Process/Probe.bpf.c b/GPL/Events/Process/Probe.bpf.c
index d3b24d27..f34c7df0 100644
--- a/GPL/Events/Process/Probe.bpf.c
+++ b/GPL/Events/Process/Probe.bpf.c
@@ -166,7 +166,7 @@ int BPF_PROG(sched_process_exec,
 // filename
 field = ebpf_vl_field__add(&event->vl_fields, EBPF_VL_FIELD_FILENAME);
- size = read_kernel_str_or_empty_str(field->data, PATH_MAX, binprm->filename);
+ size = ebpf_resolve_path_to_string(field->data, &p, task);
 ebpf_vl_field__set_size(&event->vl_fields, field, size);
 ebpf_ringbuf_write(&ringbuf, event, EVENT_SIZE(event), 0);
diff --git a/testing/testrunner/ebpf_test.go b/testing/testrunner/ebpf_test.go
index 3cf88362..8bb16f24 100644
--- a/testing/testrunner/ebpf_test.go
+++ b/testing/testrunner/ebpf_test.go
@@ -179,7 +179,7 @@ func ForkExec(t *testing.T, et *Runner) {
 require.Equal(t, execEvent.Creds.CapPermitted, uint64(0x000001ffffffffff))
 require.Equal(t, execEvent.Creds.CapEffective, uint64(0x000001ffffffffff))
- require.Equal(t, execEvent.FileName, "./do_nothing")
+ require.Equal(t, execEvent.FileName, "/do_nothing")
 require.Equal(t, execEvent.Argv[0], "./do_nothing")
 require.Equal(t, execEvent.Env[0], "TEST_ENV_KEY1=TEST_ENV_VAL1")
 require.Equal(t, execEvent.Env[1], "TEST_ENV_KEY2=TEST_ENV_VAL2")
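Review bot: In the Probe.bpf.c hunk, the return value of `ebpf_resolve_path_to_string(field->data, &p, task)` goes straight into `ebpf_vl_field__set_size` with no explicit bound or failure check, whereas the replaced call passed `PATH_MAX` and, judging by its name, fell back to an empty string. The helper's body is not visible here, so it should be confirmed that it never writes more than `PATH_MAX` bytes into `field->data` and that it returns a size the variable-length field accepts when resolution fails. The comment above the call could also state the new meaning for consumers, e.g. `// filename: resolved path of the executed file, not the string passed to exec`, since detections that matched the as-invoked string will now see a different value. `p` and `task` are defined outside the hunk, and the function body continues beyond it.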
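Review bot: In the ebpf_test.go hunk, the updated assertion `require.Equal(t, execEvent.FileName, "/do_nothing")` only pins the case of a binary at the filesystem root invoked as `./do_nothing`, which a real resolver and a naive strip of the leading `.` would both satisfy. A second case that runs the binary from a subdirectory or through a symlink would show that `FileName` carries the resolved path while `Argv[0]` keeps the as-invoked string. Separately, testify's `require.Equal` takes the expected value before the actual one, so `require.Equal(t, "/do_nothing", execEvent.FileName)` would give correctly labelled failure output; the neighbouring lines use the same reversed order. ForkExec's body starts and ends outside the hunk.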