
Prerequisites

Before installing Dr.Semu, ensure your system meets these requirements:
Dr.Semu only supports Windows 10 version 1809. This is both the minimum and maximum supported version due to DynamoRIO compatibility constraints.

Required software

1. Windows Projected File System

Enable ProjFS using PowerShell in an elevated window:
Enable-WindowsOptionalFeature -Online -FeatureName Client-ProjFS -NoRestart
ProjFS provides the virtual filesystem that isolates malware from your actual filesystem.

2. Python 3 x64

Install Python 3 64-bit from the official Python downloads page. Dr.Semu uses Python to execute detection rules after behavioral analysis completes.

3. DynamoRIO

Download DynamoRIO from the official releases page.
Ensure you download a DynamoRIO version compatible with Windows 10 version 1809.

Installation from releases

1. Download Dr.Semu

Download the latest release from the Dr.Semu releases page and extract the zip file.

2. Extract DynamoRIO

Extract the DynamoRIO download into the Dr.Semu folder and rename the directory to dynamorio. Your directory structure should look like:
DrSemu/
├── dynamorio/
│   ├── bin32/
│   ├── bin64/
│   └── ...
├── DrSemu.exe
└── ...

3. Verify installation

Open a command prompt in the DrSemu directory and run:
DrSemu.exe --help
You should see the help output displaying available options.
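
The prerequisites and layout above can be checked in one pass before any sample is run, in particular that ProjFS, the isolation layer, is actually enabled. The script below is an added example, not part of Dr.Semu; the `$DrSemuDir` parameter and its default path are assumptions, and it relies on Windows 10 version 1809 reporting build number 17763. Run it from an elevated PowerShell window.

```powershell
# Added example: preflight check for the Dr.Semu prerequisites listed on this page.
# $DrSemuDir is an assumed extraction path; pass your own with -DrSemuDir.
param([string]$DrSemuDir = '.\DrSemu')

$results = [ordered]@{}

# Windows 10 version 1809 reports build number 17763.
$build = [System.Environment]::OSVersion.Version.Build
$results["Windows build is 17763 (found $build)"] = ($build -eq 17763)

# ProjFS must be in the Enabled state (this query requires elevation).
$projfs = Get-WindowsOptionalFeature -Online -FeatureName Client-ProjFS
$results["Client-ProjFS enabled (state: $($projfs.State))"] = ($projfs.State -eq 'Enabled')

# Python must be major version 3 and a 64-bit build.
$py = Get-Command python -ErrorAction SilentlyContinue
if ($py) {
    # Prints e.g. "3 True" for a 64-bit Python 3 interpreter.
    $info = & $py.Source -c "import sys; print(sys.version_info[0], sys.maxsize > 2**32)"
    $results["Python 3 x64 (reported: $info)"] = ($info -eq '3 True')
} else {
    $results['Python 3 x64 (python not on PATH)'] = $false
}

# Layout from the directory tree above: DynamoRIO extracted and renamed to "dynamorio".
foreach ($rel in 'DrSemu.exe', 'dynamorio\bin32', 'dynamorio\bin64') {
    $results["Found $rel"] = Test-Path (Join-Path $DrSemuDir $rel)
}

# Report each check and return a non-zero exit code if any failed.
$results.GetEnumerator() | ForEach-Object {
    '{0,-5} {1}' -f $(if ($_.Value) { 'OK' } else { 'FAIL' }), $_.Key
}
if ($results.Values -contains $false) { exit 1 }
```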

Building from source

If you prefer to build Dr.Semu from source:

Build prerequisites

1. Enable ProjFS

Enable-WindowsOptionalFeature -Online -FeatureName Client-ProjFS -NoRestart

2. Install dependencies

  • Install Python 3 x64
  • Download DynamoRIO, extract it to the bin folder, and rename the directory to dynamorio

3. Build pe-parse library

Generate Visual Studio project from DrSemu\shared_libs\pe_parse using cmake-gui:
  1. Build 32-bit library under build (\shared_libs\pe_parse\build\pe-parser-library\Release\)
  2. Build 64-bit library under build64
  3. Change run-time library option to Multi-threaded (/MT)

4. Build Dr.Semu

  1. Open the solution in Visual Studio
  2. Set LauncherCLI as the StartUp Project
  3. Build the solution

Configuration

Detection rules

Dr.Semu includes a dr_rules directory for detection rules. You can:
Rules analyze both dynamic behavior (from JSON reports) and static file properties to determine if executables are malicious.

Directory structure

After installation, your Dr.Semu directory should contain:
DrSemu/
├── dynamorio/         # DynamoRIO installation
├── dr_rules/          # Detection rules (Python/Lua)
├── bin32/             # 32-bit Dr.Semu client DLL
├── bin64/             # 64-bit Dr.Semu client DLL
├── DrSemu.exe         # Main executable
└── virtual_FS_REG.exe # Virtual FS/Registry handler

Next steps

Quick start guide

Run your first malware analysis

Writing rules

Learn to create custom detection rules
