ANSI Escape Codes for Windows 7 RC

Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came into being!

If one is interested about what add-on am I referring to, and how does it work - please read this post. In the current post I'll focus only one the minor differences, between Vista's cmd.exe and W7RC cmd.exe, that were the direct cause of version 0.004c malfunction.

To tell you the truth, there was only one difference - function LoadLibraryA was missing in the IAT of cmd.exe - and I used IAT entry in the cmd.exe entry loader (that was executed before OEP and loaded AnsiSupport.dll). In addition to that, I had a bug in my patcher - an uninitialized variable - that prevented the patcher from printing the correct error message that would instantly tell me what is wrong. Instead of that, the patcher inserted a "random" address into the patch, and behaved as if everything was OK - and this caused of course the patched cmd.exe to crash.

The solution was simple - I have written a variation of the patch that uses LoadLibraryW (which is present in IAT of cmd.exe from W7RC), and made the patcher choose which patch to apply, depending on the presence of either LoadLibraryW or LoadLibraryA in the IAT.

A download link as a final word:

cmd_ansihack_004d.zip (31kb, SRC+BIN)

And thats it!


2009-09-01 06:55:05 = selyb
Any chance you could write an x64 ver? :-D
presently, I'm using Vista64 but when 7 is officially release, I will upgrade

user TByles79
domain thefamilycirc.us
2009-09-01 11:31:53 = Gynvael Coldwind
As far as I know both Vista 64 (which I was using) and Win 7 64 have a 32-bit cmd.exe, so you should have no problem applying the patch.
If you have any problem, or you in fact have a 64-bit version of cmd.exe, let me know ;>
2009-09-01 18:46:34 = selyb
yes, I patched the 32bit cmd.exe with no problem
I suppose I could put the 32bit version in the autorun registry key for the 64bit one.

To clarify, the 64-bit versions of XP, Vista, and 7 all have a 64-bit cmd.exe in the system32 folder and a 32-bit cmd.exe in the SysWow64 folder
2009-09-01 19:00:53 = Gynvael Coldwind
Hmmm that's what I suspected. Well, thats what I get for using a 32-bit file manager on a 64-bit OS.... virtualized file system hehe ;>
I'll work on a native 64-bit version and release it in the future ;>
2009-09-01 21:16:33 = selyb
I tried to use some color codes with a vbscript using cscript.exe but it didn't work.
Is this because cscript doesn't output ANSI?

I tried this
[code]WScript.Echo Chr(27) & "[1;37mtext"[/code]
[code]WScript.StdOut.Write Chr(27) & "[1;37mtext"[/code]

Neither one works but if I put that same text in a batch file (with the literal Chr(27) instead of the function of course) it does work.
2009-09-01 22:02:33 = Gynvael Coldwind
Well, you kinda answered yourself. You are using cscript.exe, and this hack is for cmd.exe ONLY. It's not global, it works only with batch scripts (which are handled with cmd.exe) and the cmd.exe command line interpreter itself.
So it does not affect cscript.exe (however it might not be hard to hack the cscript.exe too using this code, and you are welcomed to do it of course ;>).
2009-10-07 15:44:07 = csl2009
Hi there. First of all thank you for all of your hard work.

This morning (10/7/2009) I was created by a series of Symantec Endpoint Protection notifications related to _cmd.exe. It is complaining of a Trojan Horse.

I hope this is an example of a false positive.

Anyway, I tried downloading your new cmd_004d version and it is also being flagged as a trojan. Not any of the files in the .zip file mind you, just the _cmd.exe program that is created by ansihack.exe.

Perhaps you can contact Symantec and have them fix this?

Take care and good luck.
2009-10-09 09:40:32 = Gynvael Coldwind
Well, it's easy to check if there is a troyan or not there, since it's open source ;>

Anyway, it might be detected so, since I use some hooking techniques, that when spoted by AV soft might be marked as 'evil troyan or other ultra evil malware from dr. evil'.
I'll contact the Symantec guys nevertheless and ask them to add it to the white list ;>

Take care and thx for the info ;>

2010-04-15 15:19:30 = marty
Hi -

Thanks for your nice patch which I got to work on my WinXP machine alright (004c as well as 004d).

So my old batch files finally look as they should again...

Q: Would you know of some means to change the *cursor* color of the cmd.exe window (which defaults to some 'auto' color depending on what fg and bg color is chosen via the system interface)..?
2010-04-15 19:45:08 = Gynvael Coldwind
Great ;)
Hmm, I have no idea about cursor color :(
2010-04-15 22:22:08 = marty
Well, on a real DOS system, the foreground color would determine the cursor color; somehow they managed to do it separately in Windows... I wondered whether there should be a separate variable for it.
2010-04-16 00:13:49 = Gynvael Coldwind
Hmm, I'll add it to the todo list ;)
2010-04-16 12:31:07 = marty
That's very nice of you... ---

btw, tested 004d on a copy of Win7 this morning.

It gave me this error (sorry, it's a German copy):
"Das System hat keinen Meldungstext für die Meldungsnummer 0x2350 in der Meldungsdatei Application gefunden."

I then went on testing it with a simple expression
<code>ESC[1;36;44mthis should be colored textESC[0;37;40m</code>, run from a small batch file.

With that I managed to get *cyan* text on a *blue* background, which means it does work successfully so far. ---

Then I thought I'd be brave and tried 004c and 004d within a XP Mode cmd.exe window; in both cases when calling ansihack.exe, the action seemed to go through, but there was *no* _cmd.exe to find in the subdirectory as a result. (of course it might never be intended to work in such a case in the first place, though would be nice, hmm :-)

2010-04-16 16:07:12 = marty
To be a bit more specific, it's been Win7 Prof 32bit (DE), and the test was done from a separate directory; next time I will use /system32/ to see the difference.

VM used on that host has been XP Mode (EUS).
2010-04-22 11:06:45 = marty
* On the Win7 machine, after copying the two dlls and _cmd.exe to the /system32/ subdirectory, and adding the 'debugger' key to the registry, and having done a restart, I do still get the above mentioned error message (0x2350).
* When using _cmd.exe, the sequence <code>ESC[0m</code> does not bring back the start situation, but only reduces high to normal intensity, leaving fg and bg colour untouched (which means it needs a full <code>ESC[0;37;40m</code> sequence to bring the window back to white on black).
2012-05-23 14:27:03 = Tom
I ran _cmd.exe manually to test this for Win7, I get the following errors when running a simple dir command:

The system cannot find message text for message number 0x235e in the message file for Application.
The system cannot find message text for message number 0x235b in the message file for Application.

The system cannot find message text for message number 0x2339 in the message file for Application.
05/23/2012 08:12 AM The system cannot find message text for message number 0x2373 in the message file for Applicati
05/23/2012 08:12 AM The system cannot find message text for message number 0x2373 in the message file for Applicati
03/08/2007 05:19 AM 50 eol.bat
03/08/2007 05:19 AM 94 gototest.bat
03/08/2007 05:19 AM 456 logo.bat
03/08/2007 05:19 AM 16 mycls.bat
03/08/2007 05:19 AM 119 posstack.bat
03/08/2007 05:19 AM 451 slogo.bat
03/08/2007 05:19 AM 748 test.bat
03/08/2007 05:19 AM 95 up.bat
03/08/2007 05:19 AM 32 wintitle.bat
The system cannot find message text for message number 0x2378 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

This is on Win7 SP1 32bit

2013-01-16 11:03:05 = Senilix
any news on getting this thing to work on win 7/8 64Bit? :)

2013-01-30 00:17:18 = Gynvael Coldwind
Sadly, no. It's on my TODO list, but I didn't yet have too much time to actually do it.

That's normal on Windows 7. It will stop acting like that once you move the hacked version do c:\windows\system32\cmd.exe (remember about DLL's; it's good to first take ownership of cmd.exe and remove any write/change privs from TrustedInstaller, or it will "recover" a non-hacked version for you, which isn't what you want).
2014-08-12 16:22:36 = pGrnd
Got here try to get Windows 8.1 cmd look decent

Any changes there would be anytime developed for 8.1 ??
2014-08-13 10:58:11 = Gynvael Coldwind
Sadly no - I've switched to conemu which has ANSI support built in (http://code.google.com/p/conemu-maximus5/) and stopped working on ansihack.

Add a comment:

URL (optional):
Math captcha: 3 ∗ 1 + 4 =