ICE: Binary analysis that you can see

Tools for high-level languages often assist developers in successfully comprehending complex systems without worrying about low-level details. However, new architectures and paradigms now pose new challenges in program comprehension that often require high-level reasoning about low-level issues - sometimes even at the level of processor instructions. This is particularly true for the new generation of developers learning to harness the power of SIMD operations, multi-core, multiprocessor systems. Though industrial-strength tools for malware analysts are available, these typically come at considerable cost and require extensive expertise. Our proposed solution is to extend high-level comprehension tools, commonly available in IDEs, to low-level representations. This paper presents the design and prototype implementation of an Integrated Comprehension Environment (ICE), which provides an Eclipse-based tool suite extended to analyse code in intermediate and assembly languages. Preliminary evaluation based on visualisations for wayfinding, call graphs, sequence diagrams and control flow show, (1) correspondence to requirements for comprehension tools in this domain, (2) flexibility in the spectrum of data sources it can accept, and (3) scalability with respect to the explosion of instructions in the code base, while still providing a means to build new visualisations for analysis.