Upgrade and Zenburn the Console Window


In Windows, console windows (aka command line or “DOS” windows) are special. In a UNIX-like environment a terminal emulator talks to a local virtual teletype and connects to three text streams: standard in, standard out and standard error. From the first version of Windows NT to now, the client-server runtime subsystem automatically creates a special window environment for any command-line program or shell. In fact, up until Windows 7, the window was actually owned by csrss.exe which runs with system privileges. These windows mostly look like the rest of Windows but they are different in deep ways. Even if you remove the entire graphics and windowing infrastructure from Windows as in Windows Server Core, you are left with the GINA logon screen and a console window which looks exactly the same because the code to draw them is in csrss.exe rather than the normal window manager. That’s also the reason why they aren’t themed in Windows XP. Console Windows also can’t be resized in the usual way. On the other hand, Console windows offer a richer programming environment than sdtin,stdout and sderror because they always have a title bar and exist within a window station which means that services like the clipboard can be assumed. The gist is that for reasons of backwards compatibility and security, it is difficult for Microsoft to change very much about how console windows work. And besides, it’s a nerd feature that normal people never use.


For me, there are some minor annoyances with console windows that I mostly try to ignore:

  1. Console Windows aren’t easily resizable. You have to change the definition of the rows and columns. Dragging the window borders either creates scrollbars or does nothing.
  2. Copy operates in a block mode rather than a line mode. That means if you copy text, you end up having to fix it where line breaks were added or you can accidentally leave out columns and end up with garbage.
  3. Marking for copy blocks the execution of anything trying to write to the window. This makes “Quick Edit” mode dangerous because clicking on the window tends to freeze it. Because of item 1 and 3, I end up creating giant console windows and leaving them that way. The shortcuts that PowerShell creates for itself do this by default.

Enter Console.exe

Its not easy to replace console windows with something else. If you use a terminal emulator with VTYs in the POSIX subsystem (like xterm in the POSIX/SUA subsystem) some console applications that expect to interact with the console window or the window station service won’t run at all or only work in a special mode, like PowerShell. Also, the VTYs exist in the POSIX subsystem and don’t have access to your current window station, so you can’t start windowing applications from a terminal on a VTY (like “explorer .” to open Explorer in the current command shell directory).

Console (aka Console2) is a modern terminal environment like a Gnome Terminal or Konsole  for Windows that is 100% compatible with applications that expect a console window running in a window station. That’s because it works by hooking and hiding the console window created by CSRSS while providing a richer user environment. I gave up on this thing when I started using Vista x64 because it was broken. It has matured a lot since then and the latest beta works great with Windows 7 x64.

  • Arbitrary window resizing by dragging the borders!
  • Copy selects lines and keeps line breaks intact like xterm et al. (Hint: the default is SHIFT+{mouse-select} to select, {mouse-click} to copy and {mouse-middle-click} to paste.)
  • Available tabbed environment.
  • Easily configure fonts without editing the registry.
  • Save multiple shell environments (like visual studio command prompt, cygwin, powershell, etc.)
  • Also, there are toys like transparency and background images.
  • All the key bindings and window layout stuff is configurable.
  • The windows console function key bindings (like F7 for history) still work.
    Unfortunately, selecting text still blocks the underlying windows console and therefore the execution of any script or application that might be generating text, but we get a configurable quick edit behavior where the defaults won’t have you accidentally selecting and blocking a window.

It Just Needs Zenburn

Zenburn is a low contrast color scheme originally developed for Vim and subsequently ported to almost everything. It’s a dark, low eye strain theme that is very addictive.

Here are Zenburn colors for console.xml:


        <color id="0" r="62" g="62" b="62"/>
        <color id="1" r="100" g="100" b="175"/>
        <color id="2" r="0" g="128" b="0"/>
        <color id="3" r="0" g="128" b="128"/>
        <color id="4" r="51" g="35" b="35"/>
        <color id="5" r="170" g="80" b="170"/>
        <color id="6" r="220" g="220" b="0"/>
        <color id="7" r="220" g="220" b="204"/>
        <color id="8" r="192" g="128" b="128"/>
        <color id="9" r="175" g="175" b="255"/>
        <color id="10" r="127" g="159" b="127"/>
        <color id="11" r="140" g="208" b="211"/>
        <color id="12" r="227" g="113" b="113"/>
        <color id="13" r="200" g="128" b="200"/>
        <color id="14" r="240" g="223" b="175"/>
        <color id="15" r="255" g="255" b="255"/>

Console.sf.net with Zenburn colors showing muted red error.zenburn-console

Console.sf.net with muted colors showing F7 history popup.zenburn-console-popup

Console.sf.net with Zenburn colors, multiple tabs and transparency. (The elephant is my desktop wallpaper.)



MSE v2 Command-Line Scanning

Microsoft Security Essentials (MSE) 2.0 adds command-line file scanning to its command-line interface.

MpCmdRun.exe is the command-line interface to MSE.

(Note that MSE has moved from “C:\Program Files\Microsoft Security Essentials” to “C:\Program Files\Microsoft Security Client”. And MpCmdRun.exe has moved to a subdirectory called Antimalware.)

In MSE v1, MpCmdRun was conspicuously missing an option to scan a file from a command line but the problem is rectified in MSE v2 beta.


The file scanning is a new sub-option of the –Scan argument.

-Scan [-ScanType value]
    0  Default, according to your configuration
    1  Quick scan
    2  Full system scan
    3  Single file custom scan

       [-File ]
            Indicates the file path to be scanned, only valid for custom scan

            This option is valid only for custom scan.
            When specified:
              - File exclusions are ignored.
              - Archive files are scanned.
              - Actions are not applied after detection.
              - Event log entries are not written after detection.
              - Detections from the custom scan are not displayed in the user

The usage is slightly awkward. It requires specifying –Scan –ScanType 3 –File <filename>.

A simple powershell function or a batch file.


function Scan-File( $file )
    $exe = Join-Path $env:ProgramFiles &quot;Microsoft Security Client/Antimalware/MpCmdRun.exe&quot;
	&amp; $exe -Scan -ScanType 3 -File $file


@echo off
set path=%programfiles%\Microsoft Security Client\Antimalware;%path%
cmd /c MpCmdRun.exe -Scan -ScanType 3 -File %1

Niftier PowerShell integration is possible by extending the work of the Scripting Guy’s Invoke-SecurityEssentials.ps1 script for MSE v1.0.

%d bloggers like this: