Skip to main content

Overview

Dr.Semu provides a command-line interface through LauncherCLI.exe for analyzing malware samples. The tool accepts either individual executable files or directories containing multiple executables.

Basic Syntax

LauncherCLI.exe --target <path> [options]

User-Facing Options

These are the primary options you’ll use when running Dr.Semu.
--target
string
required
Path to a Windows executable (.exe) file or directory containing executables.
  • If a file is provided: Analyzes that single executable
  • If a directory is provided: Analyzes all .exe files in the directory
Aliases: -tExample:
LauncherCLI.exe --target "C:\samples\malware.exe"
LauncherCLI.exe --target "C:\samples\"
--cmd_line
string
Command-line arguments to pass to the target executable.Aliases: -cDefault: Empty (no arguments)Example:
LauncherCLI.exe --target "sample.exe" --cmd_line "/silent /install"
--time_limit
integer
Time limit for monitoring the target process, in seconds. The process will be terminated after this duration.Aliases: -lDefault: 120 (2 minutes)Example:
LauncherCLI.exe --target "sample.exe" --time_limit 300

Internal Options

These options are used internally by Dr.Semu’s architecture and are passed to the DynamoRIO client. You should not use these manually.
-vm
integer
VM instance index number for multi-sample analysis.
-pid
integer
Process ID of the fake explorer.exe process.
-bin
string
Location of Dr.Semu binaries directory.
-dir
string
Virtual machine temporary directory path.
-report
string
Report directory name for JSON output.
-main_slot
string
Main mailslot name for inter-process communication.
-limit
integer
Time limit passed to the DynamoRIO client.

Examples

Analyze a Single File

LauncherCLI.exe --target "C:\malware\ransomware.exe"

Analyze with Custom Arguments

LauncherCLI.exe --target "C:\samples\installer.exe" --cmd_line "/S /D=C:\\Program Files\\App"

Analyze with Extended Time Limit

LauncherCLI.exe --target "C:\samples\dropper.exe" --time_limit 600

Batch Analyze a Directory

LauncherCLI.exe --target "C:\samples\"
This will analyze all .exe files in C:\samples\ directory, running each in its own VM instance.

Exit Codes

CodeDescription
0Analysis completed successfully
-1Invalid arguments or file not found

Notes

Dr.Semu only accepts Windows PE executables with .exe extension. Other file types will be rejected with an “Invalid file extension” error.
Make sure to run LauncherCLI.exe with administrator privileges, as it needs to create virtual filesystems and launch instrumented processes.

Architecture Detection

Dr.Semu automatically detects the target architecture (x86 or x64) and loads the appropriate DynamoRIO client:
  • 32-bit executables: Uses drsemu_x86.dll with dynamorio/bin32/drrun.exe
  • 64-bit executables: Uses drsemu_x64.dll with dynamorio/bin64/drrun.exe

Next Steps

Analyzing Samples

Learn how to analyze malware samples step-by-step

Understanding Reports

Interpret the JSON analysis reports

Build docs developers (and LLMs) love

Get started for freeTalk to us