Analyzing a file from the command line

You can run Relyze Desktop from the command line to analyze a file without bringing up the GUI by using the /analyze switch. For example, to analyze the file “c:\samples\foo.dll” and save it to your default library, you can use:

RelyzeCLI.exe /analyze "c:\samples\foo.dll"

The application RelyzeCLI.exe will return 0 for success, 1 if the input file was skipped or -1 on failure. The input file may be skipped if either the /skip switch was used and a duplicate analysis archive already exists in your library, or if a plugin decides to invoke the Relyze::FileModel.abort() method.

Options

A list of all the additional command line options is shown below:

/library <c:\path\to\library> - Specify a directory to use for the library. All saved analysis archives will be placed in this directory.

/tags "name1:hexcolor1,name2:hexcolor2" - Specify custom tags to apply to the saved analysis archive.

/nosave - Don’t save the analyzed file to the library.

/noflat - If the input file is not a recognized executable file format, don’t process it as a flat binary file.

/skip - If a duplicate analysis archive exists in the library, don’t analyze the new file.

/replace - If a duplicate analysis archive exists in the library, replace the existing archive with the newly analyzed archive.

/add - Add the new analysis archive to the library, ignoring any duplicate archive that may exist.

/nosymbols - Don’t try to retrieve or use symbols during analysis.

/decoder <GUID> - Run a given decoder plugin over the input file before analysis.

/plugin <File|GUID> - Run a given analysis plugin during analysis. To specify multiple plugins use a separate /plugin argument for each one. You may specify the plugin either via its unique GUID or by an absolute file path.

/plugin_commandline "/opt1 /opt2=1234 /opt3=5678" - Specify any custom options to pass to all the plugins.

Examples

You can specify a different library directory to save to via the /library switch, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /library "c:\samples\library"

If you want to apply a custom tag to the saved analysis archive, you can use the /tags switch and provide a comma-separated list of tag names and RGB colors, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /tags "Malware:0x00FF8080,Campaign1:0x0000FFFF"

This will analyze the file “c:\samples\foo.dll”, save it to your default library and add the tags “Malware” and “Campaign1” to the saved analysis archive.

If you want to analyze the file but don’t want to save it to your library you can pass the /nosave switch, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /nosave

If you want to first run a decoder plugin over the input file before analysis, you can use the /decoder switch and provide the appropriate decoder plugin GUID, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /decoder "{4BE1917F-D5E0-499D-A26A-304E22F59E75}"

This will analyze the file “c:\samples\foo.dll” but first run the “Bitwise Not” decoder plugin, which has a GUID of “{4BE1917F-D5E0-499D-A26A-304E22F59E75}”, over the input file before analysis.

If you want to run one or more analysis plugins during the analysis you can specify them via the /plugin switch and provide the appropriate analysis plugin GUID, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "{6264A3EE-44EF-416A-94AE-C42D60B47E57}"

This will analyze the file “c:\samples\foo.dll” and run the “PE Import Hash” analysis plugin, which has a GUID of “{6264A3EE-44EF-416A-94AE-C42D60B47E57}”, during analysis. To run multiple analysis plugins you may pass multiple /plugin switches on the command line. You can also specify a plugin by its absolute file path, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "c:\users\foo\desktop\testing.rb"

This will analyze the file “c:\samples\foo.dll” and run the analysis plugin testing.rb during analysis.

To pass custom arguments to the plugins you can use the /plugin_commandline switch, for example:

RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "{CF35EE83-6024-46E5-9F01-7C8731A16629}" /plugin_commandline "/virustotal_apikey=12345"

This will analyze the file “c:\samples\foo.dll” and run the “VirusTotal Detection Rate” analysis plugin, which has a GUID of “{CF35EE83-6024-46E5-9F01-7C8731A16629}”, during analysis. The plugin will receive the option “/virustotal_apikey=12345”.
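
The exit codes and the /library and /skip switches described above can be combined to process a folder of samples unattended. The following PowerShell script is an added example, not part of the Relyze documentation; the function name Invoke-RelyzeBatch, the folder paths, and RelyzeCLI.exe being reachable on the PATH are assumptions.

```powershell
# Added example: batch-analyze a folder and interpret RelyzeCLI.exe exit codes.
# Assumptions (not from the Relyze documentation): RelyzeCLI.exe is on the PATH,
# the folder names are constructed, and Invoke-RelyzeBatch is a hypothetical name.
function Invoke-RelyzeBatch {
    param(
        [Parameter(Mandatory)] [string] $SampleDir,
        [Parameter(Mandatory)] [string] $LibraryDir,
        [string] $RelyzeCli = 'RelyzeCLI.exe'   # assumed to be on the PATH
    )

    # A trailing backslash directly before the closing quote would escape that
    # quote under the usual Windows argument parsing rules, so strip it.
    $library = $LibraryDir.TrimEnd('\')

    foreach ($file in Get-ChildItem -LiteralPath $SampleDir -File) {
        # Paths are quoted by hand because Start-Process joins the list as-is.
        $arguments = @(
            '/analyze', ('"{0}"' -f $file.FullName),
            '/library', ('"{0}"' -f $library),
            '/skip'      # do not re-analyze samples already in the library
        )
        $proc = Start-Process -FilePath $RelyzeCli -ArgumentList $arguments `
                              -Wait -PassThru -NoNewWindow

        # Exit codes documented above: 0 success, 1 skipped, -1 failure.
        $status = switch ($proc.ExitCode) {
            { $_ -eq 0 }  { 'Analyzed'; break }
            { $_ -eq 1 }  { 'Skipped';  break }
            { $_ -eq -1 } { 'Failed';   break }
            default       { 'Unknown' }
        }
        [pscustomobject]@{
            File     = $file.FullName
            ExitCode = $proc.ExitCode
            Status   = $status
        }
    }
}

# Constructed usage: print a summary, then list the files that need attention.
$results = Invoke-RelyzeBatch -SampleDir 'C:\samples' -LibraryDir 'C:\samples\library\'
$results | Group-Object Status | Select-Object Name, Count
$results | Where-Object Status -in 'Failed', 'Unknown' | Select-Object File, ExitCode
```

A "Skipped" result can also mean that a plugin called Relyze::FileModel.abort(), so it does not by itself prove that a duplicate archive exists in the library.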