Looks like a useful feature, thanks 🙏

Perhaps worth noting this PR is nearly 500 lines and still in draft state, so could be worth splitting up into smaller, easier-to-review PRs of closer to ~100 lines.

I'll close this PR for now, wait for the 32-bit pt fix, and then open smaller PRs soon.

@chrf01 tbh it would be great to have it for whatever it works atm and just gate 32-bit saying "To be fixed" or something :).

Eh, I see this is missing adding the symbols into actual GDB session, hmm... :(

Fwiw here's some command hacked fast (not linted etc) to have a klookup <addr> function... better than nothing :).

(In a final version, we should probably just add symbols to the GDB session, but I don't have time for that; if anyone knows how to do it fast, lmk!)

from __future__ import annotations

import pwndbg.commands
from pwndbg.color import message
from pwndbg.commands import CommandCategory
import argparse

parser = argparse.ArgumentParser(description="Lookup kernel address.")
parser.add_argument("addr", type=int, help="Address to lookup")

@pwndbg.commands.ArgparsedCommand(parser, category=CommandCategory.KERNEL)
@pwndbg.commands.OnlyWhenRunning
def klookup(addr) -> None:
    ksyms = pwndbg.gdblib.kernel.kallsyms.get()
    found = False

    for k,v in ksyms.items():
        if v[0]==int(addr):
            print('%#x => %s (%s)' % (addr, k, v[1]))
            found = True

    if not found:
        print("No symbol found at %#x" % addr)

we should probably just add symbols to the GDB session

It seems like that would require generating a temporary ELF file with the symbols you want to add and then importing it through add-symbol-file or add-symbol-file-from-memory 😕... meh.