I received a lot of questions about my previous article/video on the fake windows lock screen program (sharplocker). As it happens there were a few things that…
- A – weren’t obvious enough
- B – could be done better
- C – I just didn’t know I was going wrong on
Why is the program blocked by my antivirus?
As it happens, false positives are a thing that effect simple c# programs – there’s not a ton that can be done about these. Also some antivirus solutions may block the program as it will have no reputation, given of course it is brand new.
Didn’t you know you should encode GET requests so all characters can be passed through?
No I didn’t, but now I do! Simply pass the textbox text into the method below (making sure to import the dependencies) this’ll make sure any special characters are encoded properly.
The fake lockscreen looks unrealistic, the usericon, username, background and power buttons are either missing or wrong
The program extracts the actual username which it uses (though running my example in a VM with the default username I gather didn’t get that across). As for the profile picture, sharplocker uses the default icon. However this fork has a fix.
Sharplocker will also use the default lock screen wallpaper instead of grabbing the actual one. You can however grab the desktop background instead as suggested in this issue. This solution isn’t perfect, but at least it creates some kind of familiarity on the part of the user, increasing the likelihood a password will be entered without forethought.
Image myimage = new Bitmap(@Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Microsoft\\Windows\\Themes\\TranscodedWallpaper")); // Grabs the current desktop background
Unfortunately I don’t have a fix for either the lockscreen image or the lack of power buttons. If you come up with something do let me know 🙂