User-level is a bit rough, but still possible.
dwarffrob.py is, tragically, a work in progress, but it's more aimed at finding structure offsets than symbol names. If you are looking for a particular user-level binary, you can harvest symbols in the guest (either via windbg.exe or /usr/bin/nm), and append the symbols in the binary to the file specified in vprobe.guestSyms.
Next, you need to make sure that you're hitting the right process. This is best achieved by setting up one of the preloads for your guest and manually checking curprocname; e.g.:
    GUEST:UserLevelSym
    if (!strcmp(curprocname(), "targetBinary")) {...}
You can also test curpid() if you like, etc. Unfortunately, this is all very manual. It would be nice both to automate the symbol harvesting, and to provide nicer notation for probing particular processes.
There is also some difficulty with accessing linear addresses that the guest happens to have paged out: since VProbes is nervous about perturbing the state of the guest, we don't inject page faults on such accesses. So the probe fire will simply fail, leaving a warning in your vmware.log.
Thanks,
Keith
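
The symbol-harvesting step described in the post above, as an added example (not part of the original post and not VMware's code). It assumes the vprobe.guestSyms file holds kallsyms-style "address type name" lines, which is also what /usr/bin/nm prints; the function names, the load_bias parameter and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample of `nm targetBinary` output taken inside the guest.
SAMPLE_NM = """\
0000000000401136 T main
0000000000401120 t helper
                 U printf@GLIBC_2.2.5
0000000000404028 B counter
0000000000401100 T _start
                 w __gmon_start__
0000000000401136 T main
"""

# Constructed sample of an existing guestSyms file (assumed kallsyms-style).
SAMPLE_GUESTSYMS = """\
ffffffff81000000 T _text
ffffffff810a1b20 T _start
"""

# Defined symbols only: undefined ones (U, w) carry no address and never match.
NM_LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")

def parse_nm(text, kinds="Tt"):
    """Return [(addr, type, name)] for defined symbols of the wanted kinds."""
    out = []
    for line in text.splitlines():
        m = NM_LINE.match(line)
        if m and m.group(2) in kinds:  # default: code (text) symbols only
            out.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return out

def harvest(nm_text, existing_text, load_bias=0):
    """Build the lines to append to guestSyms and list skipped name clashes.

    load_bias is the guest load address for a position-independent binary,
    where nm reports offsets rather than final linear addresses.
    """
    taken = {f[2] for f in (l.split() for l in existing_text.splitlines())
             if len(f) >= 3}
    lines, skipped = [], []
    for addr, kind, name in parse_nm(nm_text):
        if name in taken:  # would shadow a kernel or earlier symbol
            skipped.append(name)
            continue
        taken.add(name)
        lines.append(f"{addr + load_bias:016x} {kind} {name}")
    return lines, skipped

if __name__ == "__main__":
    new_lines, clashes = harvest(SAMPLE_NM, SAMPLE_GUESTSYMS)
    print("\n".join(new_lines))
    print("skipped (name already present):", clashes)
```

Names reported as skipped already exist in the symbol file, so appending them would make the probe name ambiguous between the kernel and the user-level binary.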