
DTrace to trap any chmod applied to certain files

6 votes
1 answer
703 views
Underneath the Mac OS X directory /audit I have certain files which users can access and chmod to their liking. I need to audit any chmod done on any files by recording the time, user and file being chmod, especially the latter.

I can dtrace -n 'syscall::chmod:entry' and detect the events; how do I read the first argument to chmod? man 2 chmod tells me the path is in the first argument: chmod(const char *path, mode_t mode); but how can I read args?

I think I am doing this the wrong way around... perhaps entry doesn't correspond to the actual syscall? If I have a probe I can monitor, how can I check which parameters it offers for access and what types they are? I am assuming some pointers will need to be dereferenced based on their data layout...
Asked by Robottinosino (5431 rep)
Sep 10, 2011, 10:42 AM
Last activity: Jul 18, 2016, 09:38 PM
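
One way to record the time, user and path for each chmod, as an added example that is not part of the original question: in the syscall provider arg0 is a user-space address, so the script saves it at entry and copies the string in with copyinstr() at return. The /audit prefix comes from the question; the output format and the choice to also match on the working directory are assumptions.

```dtrace
#!/usr/sbin/dtrace -s
/* Added example. Run as root: dtrace -s chmod_audit.d (file name is hypothetical). */
#pragma D option quiet

syscall::chmod:entry
{
    /* arg0 = const char *path (user address), arg1 = mode_t mode */
    self->pathp = arg0;
    self->mode  = arg1;
}

/*
 * Report at return, when the path page is known to be resident and the
 * result is available. A relative path cannot match the "/audit/" prefix,
 * so calls made from a working directory under /audit are reported too;
 * this over-matches on purpose (e.g. absolute paths elsewhere).
 */
syscall::chmod:return
/self->pathp &&
 (substr(copyinstr(self->pathp), 0, 7) == "/audit/" ||
  substr(cwd, 0, 6) == "/audit")/
{
    printf("%Y uid=%d pid=%d exec=%s cwd=%s path=%s mode=%o errno=%d\n",
        walltimestamp, uid, pid, execname, cwd,
        copyinstr(self->pathp), self->mode & 07777, errno);
}

/* Always release the thread-local variables, matched or not. */
syscall::chmod:return
{
    self->pathp = 0;
    self->mode  = 0;
}
```

This covers chmod(2) only; fchmod(2) takes a file descriptor rather than a path and needs its own probe.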