Guide / Command line

Command line

SysAnalyzer accepts a target path and several optional switches on the command line. This is intended for unattended runs, integration with sandbox queues, and scripted batch analysis.

Syntax

sysanalyzer.exe "<path to sample>" [/autostart] [/delay <n>] [/args "<arg string>"] [/outDir "<folder>"] [/ext <ext>]

Single or double quotes are accepted around values containing spaces.

Arguments

Argument	Description
<path>	Positional. Path to the file to analyze. Required as the first non-switch argument. Supports the token `%ap%`, which expands to SysAnalyzer's home directory.
/autostart	Skip the wizard's manual Start step. Snapshot 1, target launch, and countdown begin immediately on wizard load. Combined with `/delay` this gives a fully unattended run.
/delay <n>	Override the saved analysis delay. `n` in seconds. Default 30.
/args "<str>"	Arguments to pass to the target. For shell-handled extensions (PDF, DOC, HTML, JS…) the target should be the handler app and `/args` the file path.
/outDir "<folder>"	Override the analysis output folder. Default is `[Desktop]\analysis`.
/ext <ext>	Override the log-file extension. Default `.log`. Useful when feeding output to a tool that wants a specific extension.

Notes

All wizard checkboxes (API logger, sniff hit, packet capture, directory watcher, RWE list, monitored DLL list) are not set on the command line. Configure them in the GUI; they are saved across runs.
To configure once and run unattended, open the wizard, set everything, close it (this writes cfg.dat), then invoke with /autostart.
If /autostart is set but the sample path does not exist, SysAnalyzer aborts with a usage box.

Examples

Quick run with all defaults

sysanalyzer.exe "C:\samples\sample.exe"

Wizard appears with the path filled in. User clicks Start.

Fully unattended, 60-second analysis

sysanalyzer.exe "C:\samples\sample.exe" /autostart /delay 60

Sample with command-line arguments

sysanalyzer.exe "C:\samples\stage1.exe" /args "-c config.dat" /autostart

Document analysis (Word as the handler)

sysanalyzer.exe "C:\Program Files\Microsoft Office\winword.exe" /args "C:\samples\macro.docm" /autostart /delay 90

Custom output folder for batch runs

sysanalyzer.exe "C:\samples\sample.exe" /autostart /outDir "D:\analyses\sample-001"

From a script (PowerShell)

foreach ($f in Get-ChildItem D:\samples\*.exe) {
    $out = "D:\out\" + $f.BaseName
    Start-Process -Wait sysanalyzer.exe -ArgumentList @(
        "`"$($f.FullName)`"",
        "/autostart",
        "/delay", "45",
        "/outDir", "`"$out`""
    )
}

Drag-and-drop

Dropping a file on the SysAnalyzer desktop shortcut is equivalent to passing the file as the first argument. No switches can be supplied this way; configure them in the GUI first.